The vulnerability identified as CVE-2026-23764 affects several VB-Audio Software products, including Voicemeeter (Standard, Banana, Potato) and Matrix (Matrix and Matrix Coconut) versions up to specified releases. The root cause is a CWE-823: Use of Out-of-range Pointer Offset, occurring in the virtual audio drivers (e.g., vbvoicemeetervaio64*.sys). These drivers allocate non-paged pool memory and map it into user space, exposing a length value associated with the allocation. An unprivileged local attacker can modify this length value. During subsequent IOCTL (Input Output Control) handling, the corrupted length is used directly as the length argument to IoAllocateMdl without proper integrity validation. This leads to the construction and mapping of a Memory Descriptor List (MDL) with an out-of-range length, causing a kernel crash manifested as a Blue Screen of Death (BSoD), typically with the error PAGE_FAULT_IN_NONPAGED_AREA. The vulnerability requires local access with low privileges, does not require user interaction, and does not involve remote vectors or privilege escalation. The CVSS 4.0 base score is 6.8 (medium severity), reflecting the local attack vector, low complexity, no privileges required beyond local user, and high impact on availability due to denial-of-service. No patches are currently linked, and no known exploits have been reported in the wild.

For European organizations, the primary impact is the potential for local denial-of-service attacks on Windows systems running affected VB-Audio Software products. This can disrupt audio processing workflows, critical in sectors such as media production, broadcasting, telecommunications, and any environment relying on Voicemeeter for audio routing and mixing. The kernel crashes can lead to system downtime, loss of unsaved work, and potential operational interruptions. While the vulnerability does not allow privilege escalation or remote compromise, insider threats or malware with local user privileges could exploit it to cause targeted disruptions. Organizations with shared workstations or multi-user environments are at increased risk. The impact on confidentiality and integrity is minimal; however, availability is significantly affected. Given the widespread use of these audio tools in creative and professional settings, the disruption could have cascading effects on business continuity and service delivery.

1. Restrict local user access to systems running affected VB-Audio Software products, especially limiting non-administrative users who do not require audio driver access. 2. Implement strict endpoint security controls to prevent unauthorized local access and monitor for unusual IOCTL calls or system crashes related to audio drivers. 3. Employ application whitelisting and privilege management to reduce the risk of local exploitation by malware or untrusted users. 4. Regularly back up critical data and system states to enable rapid recovery from potential BSoD-induced outages. 5. Monitor vendor communications closely for patches or updates addressing this vulnerability and apply them promptly once available. 6. Consider isolating or virtualizing audio processing environments to contain potential denial-of-service impacts. 7. Conduct user awareness training to minimize accidental triggering of the vulnerability by unprivileged users. 8. Use Windows kernel crash dump analysis tools to identify and respond quickly to incidents involving this vulnerability.