CVE-2026-23764 is a vulnerability classified under CWE-823 (Use of Out-of-range Pointer Offset) found in several VB-Audio Software products, including Voicemeeter (Standard, Banana, Potato) and VB-Audio Matrix variants. The issue resides in their virtual audio drivers (e.g., vbvoicemeetervaio64*.sys and related drivers) which allocate non-paged kernel memory and map it into user space. A length value associated with this allocation is exposed to user space and can be modified by an unprivileged local attacker. During subsequent IOCTL requests, this corrupted length is used directly as the length argument in IoAllocateMdl calls without proper integrity checks. This leads to the construction and mapping of a malformed MDL, causing a kernel crash typically manifested as a PAGE_FAULT_IN_NONPAGED_AREA Blue Screen of Death (BSoD). The flaw does not require user interaction or elevated privileges beyond local access, but it does require the attacker to have local user privileges. The impact is a denial-of-service condition on affected Windows systems running vulnerable versions of the VB-Audio drivers. The CVSS v4.0 score is 6.8 (medium severity), reflecting the local attack vector, low complexity, no privileges required beyond local user, and high impact on availability. No patches or exploits are currently publicly known, but the vulnerability poses a risk to systems where these audio drivers are installed and used.

The primary impact of CVE-2026-23764 is denial-of-service (DoS) through kernel crashes on Windows systems running vulnerable VB-Audio drivers. This can disrupt audio services and potentially affect other dependent applications, causing system instability and downtime. For organizations relying on Voicemeeter or VB-Audio Matrix products for audio routing, mixing, or processing—common in broadcasting, streaming, and professional audio environments—this can interrupt critical workflows. Although the vulnerability does not allow privilege escalation or remote code execution, the ability for any local user to trigger a system crash can be exploited by malicious insiders or malware that gains local user access, leading to service interruptions and potential operational impact. The lack of known exploits reduces immediate risk, but the medium severity and ease of triggering the crash warrant proactive mitigation. Systems exposed to multiple users or with shared access are at higher risk. The vulnerability may also affect endpoint stability in enterprise environments, impacting productivity and requiring system reboots.

Organizations should monitor VB-Audio Software announcements for patches addressing CVE-2026-23764 and apply updates promptly once available. Until patches are released, restrict local user access on systems running vulnerable VB-Audio drivers to trusted personnel only. Implement strict access controls and user privilege management to minimize the risk of unprivileged users triggering the vulnerability. Consider disabling or uninstalling VB-Audio drivers if not essential to operations, especially on multi-user or shared systems. Employ application whitelisting and endpoint protection to prevent unauthorized execution of local exploits. Monitor system logs for unusual IOCTL calls or frequent kernel crashes that may indicate exploitation attempts. For environments where audio functionality is critical, maintain regular backups and have incident response plans ready to address potential DoS incidents. Additionally, consider isolating affected systems or running them in controlled environments to limit exposure.