CVE-2026-23762 (GCVE-0-2026-23762)

Vulnerability from cvelistv5 – Published: 2026-01-22 16:17 – Updated: 2026-05-14 02:09
VLAI
Title
VB-Audio Voicemeeter & Matrix Drivers DoS via MmMapLockedPagesSpecifyCache
Summary
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-755 - Improper Handling of Exceptional Conditions
Assigner
Credits
Klaus Hahnenkamp
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23762",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T18:24:43.861785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-22T18:24:52.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "vbvoicemeetervaio64*_win10.sys",
            "vbaudio_vmauxvaio*.sys",
            "vbaudio_vmvaio*.sys",
            "vbaudio_vmvaio3*.sys"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Voicemeeter (Standard)",
          "vendor": "VB-Audio Software",
          "versions": [
            {
              "lessThanOrEqual": "1.1.1.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "vbvoicemeetervaio64*_win10.sys",
            "vbaudio_vmauxvaio*.sys",
            "vbaudio_vmvaio*.sys",
            "vbaudio_vmvaio3*.sys"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Voicemeeter Banana",
          "vendor": "VB-Audio Software",
          "versions": [
            {
              "lessThanOrEqual": "2.1.1.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "vbvoicemeetervaio64*_win10.sys",
            "vbaudio_vmauxvaio*.sys",
            "vbaudio_vmvaio*.sys",
            "vbaudio_vmvaio3*.sys"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Voicemeeter Potato",
          "vendor": "VB-Audio Software",
          "versions": [
            {
              "lessThanOrEqual": "3.1.1.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "vbmatrixvaio64*_win10.sys"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Matrix",
          "vendor": "VB-Audio Software",
          "versions": [
            {
              "lessThanOrEqual": "1.0.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "vbmatrixvaio64*_win10.sys"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Matrix Coconut",
          "vendor": "VB-Audio Software",
          "versions": [
            {
              "lessThanOrEqual": "2.0.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:twistedmatrix:twistedweb:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.0.2.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Klaus Hahnenkamp"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems."
            }
          ],
          "value": "VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T02:09:26.792Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://github.com/emkaix/security-research/tree/main/CVE-2026-23762"
        },
        {
          "tags": [
            "release-notes",
            "patch"
          ],
          "url": "https://forum.vb-audio.com/viewtopic.php?p=7574#p7574"
        },
        {
          "tags": [
            "release-notes",
            "patch"
          ],
          "url": "https://forum.vb-audio.com/viewtopic.php?p=7527#p7527"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://vb-audio.com/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/vb-audio-voicemeeter-and-matrix-drivers-dos-via-mmmaplockedpagesspecifycache"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "VB-Audio Voicemeeter \u0026 Matrix Drivers DoS via MmMapLockedPagesSpecifyCache",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-23762",
    "datePublished": "2026-01-22T16:17:31.516Z",
    "dateReserved": "2026-01-15T18:42:20.939Z",
    "dateUpdated": "2026-05-14T02:09:26.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-23762",
      "date": "2026-07-09",
      "epss": "0.00182",
      "percentile": "0.07946"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23762\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-01-22T17:16:37.480\",\"lastModified\":\"2026-06-17T10:22:04.310\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.\"},{\"lang\":\"es\",\"value\":\"VB-Audio Voicemeeter, Voicemeeter Banana y Voicemeeter Potato (versiones que terminan en 1.1.1.9, 2.1.1.9 y 3.1.1.9 y anteriores, respectivamente), as\u00ed como VB-Audio Matrix y Matrix Coconut (versiones que terminan en 1.0.2.2 y 2.0.2.2 y anteriores, respectivamente), contienen una vulnerabilidad en sus controladores de audio virtuales (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys y vbaudio_vmvaio3*.sys). Los controladores mapean memoria del pool no paginado en el espacio de usuario a trav\u00e9s de MmMapLockedPagesSpecifyCache utilizando acceso en modo usuario sin un manejo adecuado de excepciones. Si el mapeo falla, como cuando un proceso ha agotado el espacio de direcciones virtual disponible, MmMapLockedPagesSpecifyCache genera una excepci\u00f3n que no es capturada, causando un fallo del kernel (BSoD), t\u00edpicamente SYSTEM_SERVICE_EXCEPTION con STATUS_NO_MEMORY. Esta falla permite a un usuario local sin privilegios activar una denegaci\u00f3n de servicio en sistemas Windows afectados.\"}],\"affected\":[{\"source\":\"disclosure@vulncheck.com\",\"affectedData\":[{\"vendor\":\"VB-Audio Software\",\"product\":\"Voicemeeter (Standard)\",\"defaultStatus\":\"unaffected\",\"modules\":[\"vbvoicemeetervaio64*_win10.sys\",\"vbaudio_vmauxvaio*.sys\",\"vbaudio_vmvaio*.sys\",\"vbaudio_vmvaio3*.sys\"],\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"1.1.1.9\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"VB-Audio Software\",\"product\":\"Voicemeeter Banana\",\"defaultStatus\":\"unaffected\",\"modules\":[\"vbvoicemeetervaio64*_win10.sys\",\"vbaudio_vmauxvaio*.sys\",\"vbaudio_vmvaio*.sys\",\"vbaudio_vmvaio3*.sys\"],\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"2.1.1.9\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"VB-Audio Software\",\"product\":\"Voicemeeter Potato\",\"defaultStatus\":\"unaffected\",\"modules\":[\"vbvoicemeetervaio64*_win10.sys\",\"vbaudio_vmauxvaio*.sys\",\"vbaudio_vmvaio*.sys\",\"vbaudio_vmvaio3*.sys\"],\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"3.1.1.9\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"VB-Audio Software\",\"product\":\"Matrix\",\"defaultStatus\":\"unaffected\",\"modules\":[\"vbmatrixvaio64*_win10.sys\"],\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"1.0.2.2\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"VB-Audio Software\",\"product\":\"Matrix Coconut\",\"defaultStatus\":\"unaffected\",\"modules\":[\"vbmatrixvaio64*_win10.sys\"],\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"2.0.2.2\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-22T18:24:43.861785Z\",\"id\":\"CVE-2026-23762\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"references\":[{\"url\":\"https://forum.vb-audio.com/viewtopic.php?p=7527#p7527\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://forum.vb-audio.com/viewtopic.php?p=7574#p7574\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://github.com/emkaix/security-research/tree/main/CVE-2026-23762\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://vb-audio.com/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/vb-audio-voicemeeter-and-matrix-drivers-dos-via-mmmaplockedpagesspecifycache\",\"source\":\"disclosure@vulncheck.com\"}]}}",
    "redhat_vex": {
      "current_release_date": "2026-03-27T08:02:30+00:00",
      "cve": "CVE-2026-23762",
      "id": "CVE-2026-23762",
      "initial_release_date": "2026-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "VB-Audio Voicemeeter \u0026 Matrix Drivers DoS via MmMapLockedPagesSpecifyCache",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23762.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-23762\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-22T18:24:43.861785Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-22T18:24:48.989Z\"}}], \"cna\": {\"title\": \"VB-Audio Voicemeeter \u0026 Matrix Drivers DoS via MmMapLockedPagesSpecifyCache\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Klaus Hahnenkamp\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"VB-Audio Software\", \"modules\": [\"vbvoicemeetervaio64*_win10.sys\", \"vbaudio_vmauxvaio*.sys\", \"vbaudio_vmvaio*.sys\", \"vbaudio_vmvaio3*.sys\"], \"product\": \"Voicemeeter (Standard)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.1.1.9\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VB-Audio Software\", \"modules\": [\"vbvoicemeetervaio64*_win10.sys\", \"vbaudio_vmauxvaio*.sys\", \"vbaudio_vmvaio*.sys\", \"vbaudio_vmvaio3*.sys\"], \"product\": \"Voicemeeter Banana\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.1.1.9\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VB-Audio Software\", \"modules\": [\"vbvoicemeetervaio64*_win10.sys\", \"vbaudio_vmauxvaio*.sys\", \"vbaudio_vmvaio*.sys\", \"vbaudio_vmvaio3*.sys\"], \"product\": \"Voicemeeter Potato\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.1.1.9\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VB-Audio Software\", \"modules\": [\"vbmatrixvaio64*_win10.sys\"], \"product\": \"Matrix\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.2.2\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VB-Audio Software\", \"modules\": [\"vbmatrixvaio64*_win10.sys\"], \"product\": \"Matrix Coconut\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.0.2.2\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/emkaix/security-research/tree/main/CVE-2026-23762\", \"tags\": [\"technical-description\", \"exploit\"]}, {\"url\": \"https://forum.vb-audio.com/viewtopic.php?p=7574#p7574\", \"tags\": [\"release-notes\", \"patch\"]}, {\"url\": \"https://forum.vb-audio.com/viewtopic.php?p=7527#p7527\", \"tags\": [\"release-notes\", \"patch\"]}, {\"url\": \"https://vb-audio.com/\", \"tags\": [\"product\"]}, {\"url\": \"https://www.vulncheck.com/advisories/vb-audio-voicemeeter-and-matrix-drivers-dos-via-mmmaplockedpagesspecifycache\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers map non-paged pool memory into user space via MmMapLockedPagesSpecifyCache using UserMode access without proper exception handling. If the mapping fails, such as when a process has exhausted available virtual address space, MmMapLockedPagesSpecifyCache raises an exception that is not caught, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_NO_MEMORY. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-755\", \"description\": \"CWE-755 Improper Handling of Exceptional Conditions\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:twistedmatrix:twistedweb:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"1.0.2.2\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-05-14T02:09:26.792Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-23762\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-14T02:09:26.792Z\", \"dateReserved\": \"2026-01-15T18:42:20.939Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-01-22T16:17:31.516Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…