CVE-2026-23762: CWE-755 Improper Handling of Exceptional Conditions in VB-Audio Software Voicemeeter (Standard)

Severity: Medium
Published: Thu Jan 22 2026 (01/22/2026, 16:17:31 UTC)
Source: CVE Database V5
Vendor/Project: VB-Audio Software
Product: Voicemeeter (Standard)

Description

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/05/2026, 09:16:43 UTC

Technical Analysis

CVE-2026-23762 affects multiple VB-Audio Software products, including Voicemeeter (Standard, Banana, Potato) and Matrix (Matrix and Matrix Coconut) versions up to specified releases. The vulnerability is rooted in the virtual audio drivers (e.g., vbvoicemeetervaio64*.sys and related drivers) that map non-paged pool memory into user space using the Windows kernel function MmMapLockedPagesSpecifyCache with UserMode access. When the system's virtual address space is exhausted or the mapping fails, MmMapLockedPagesSpecifyCache raises an exception. The drivers do not implement proper exception handling for this scenario, causing the exception to propagate unhandled and crash the kernel, resulting in a Blue Screen of Death (BSoD) with a SYSTEM_SERVICE_EXCEPTION and STATUS_NO_MEMORY error. This flaw can be exploited by any local unprivileged user to cause a denial-of-service condition by forcing the system to crash. The attack requires no privileges, no user interaction, and no network access, limiting the attack vector to local access only. The impact is confined to system availability, with no direct compromise of confidentiality or integrity. No known public exploits or patches exist at this time, but the vulnerability is publicly disclosed with a CVSS 4.0 score of 6.9, indicating a medium risk level.

Potential Impact

The primary impact of CVE-2026-23762 is a denial-of-service condition caused by a kernel crash (BSoD) on affected Windows systems running vulnerable VB-Audio Software drivers. This can disrupt audio services and potentially affect critical systems relying on these drivers for audio processing, such as broadcasting, streaming, conferencing, or professional audio production environments. The disruption can lead to operational downtime, loss of productivity, and potential cascading effects if the affected system is part of a larger infrastructure. Since the vulnerability can be triggered by any local user without privileges, it poses a risk in multi-user environments, shared workstations, or systems exposed to untrusted users. However, the lack of remote exploitability and absence of privilege escalation or data compromise limits the overall severity. Organizations with high availability requirements or those using these audio drivers in sensitive environments should consider this a significant risk to system stability.

Mitigation Recommendations

To mitigate CVE-2026-23762, organizations should:

1) Monitor VB-Audio Software vendor communications closely for patches or updated driver releases addressing this exception handling flaw and apply them promptly once available.
2) Restrict local user access on systems running vulnerable drivers to trusted personnel only, minimizing the risk of unprivileged users triggering the DoS.
3) Implement application whitelisting and endpoint protection controls to prevent unauthorized execution of code that could attempt to exploit this vulnerability.
4) Consider isolating or segmenting systems that require these audio drivers to limit exposure and impact in case of a crash.
5) Regularly audit and monitor system logs for signs of repeated crashes or attempts to exhaust virtual address space.
6) As a temporary workaround, evaluate whether alternative audio drivers or software can replace the vulnerable VB-Audio drivers until a patch is available.
7) Educate users about the risk of local attacks and enforce strict access controls on shared or multi-user systems.
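One way to carry out the inventory and log-audit steps on a single Windows host, as an added example that is not part of the advisory or vendor tooling: it lists the driver files named in the description, the kernel driver services that load them, and any recorded bugcheck matching SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. The search roots, the event provider name and the message format it matches are assumptions about a default Windows install.

```powershell
# Added example (not vendor code). Driver name patterns are taken from the
# advisory text; search roots and the event provider are assumptions.
$patterns = 'vbvoicemeetervaio64*.sys', 'vbmatrixvaio64*.sys',
            'vbaudio_vmauxvaio*.sys', 'vbaudio_vmvaio*.sys', 'vbaudio_vmvaio3*.sys'
$roots = "$env:SystemRoot\System32\drivers",
         "$env:SystemRoot\System32\DriverStore\FileRepository"

# 1. Driver files on disk, with file version for comparison against vendor notes.
$onDisk = foreach ($root in $roots) {
    foreach ($pattern in $patterns) {
        Get-ChildItem -Path $root -Filter $pattern -Recurse -File -ErrorAction SilentlyContinue
    }
}
$onDisk = $onDisk | Sort-Object FullName -Unique |
    Select-Object FullName, @{ n = 'FileVersion'; e = { $_.VersionInfo.FileVersion } }, LastWriteTime

# 2. Kernel driver services whose image path points at one of those files.
$nameRegex = 'vbvoicemeetervaio64|vbmatrixvaio64|vbaudio_vmauxvaio|vbaudio_vmvaio'
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -match $nameRegex } |
    Select-Object Name, State, StartMode, PathName

# 3. Recorded bugchecks: SYSTEM_SERVICE_EXCEPTION (0x3B) whose first parameter
#    is STATUS_NO_MEMORY (0xC0000017).
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'; Id = 1001 }
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '0x0000003b\s*\(0x00000000c0000017' } |
    Select-Object TimeCreated, Message

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    DriverFiles     = @($onDisk)
    DriverServices  = @($services)
    MatchingCrashes = @($crashes)
    # Exposure means an affected driver is installed; crashes only corroborate.
    DriverPresent   = (@($onDisk).Count + @($services).Count) -gt 0
}
```

The driver file version is reported as found and is not compared against the product version numbers in the description, since the advisory does not say how the two relate. A matching bugcheck record does not by itself attribute the crash to these drivers; confirm the faulting module from the memory dump.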

Technical Details

Data Version: 5.2
Assigner Short Name: VulnCheck
Date Reserved: 2026-01-15T18:42:20.939Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 697251f54623b1157c7bcf8f

Added to database: 1/22/2026, 4:36:05 PM

Last enriched: 3/5/2026, 9:16:43 AM

Last updated: 3/24/2026, 12:14:26 AM
