216.73.217.80

CVE-2026-23764

· Published 22/01/2026 17:16 · Modified 22/01/2026 17:16

Labels: CVE-2026-23764 2026-01-22CVE-2026-23764CWE-823[email protected]

Essential information

Published
22/01/2026 17:16
Modified
22/01/2026 17:16
Author
Creator
CVSS
6.8 MEDIUM (v3) 6.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers allocate non-paged pool and map it into user space, where a length value associated with the allocation is exposed and can be modified by an unprivileged local attacker. On subsequent IOCTL handling, the corrupted length is used directly as the IoAllocateMdl length argument without adequate integrity checks before building and mapping the MDL, which can cause a kernel crash (BSoD), typically PAGE_FAULT_IN_NONPAGED_AREA. This flaw allows a local user to trigger a denial-of-service on affected Windows systems.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
vb-audio / voicemeeter cpe:2.3:a:vb-audio:voicemeeter:*:*:*:*:*:*:*:*
vb-audio / voicemeeter banana cpe:2.3:a:vb-audio:voicemeeter_banana:*:*:*:*:*:*:*:*
vb-audio / voicemeeter potato cpe:2.3:a:vb-audio:voicemeeter_potato:*:*:*:*:*:*:*:*
vb-audio / matrix cpe:2.3:a:vb-audio:matrix:*:*:*:*:*:*:*:*
vb-audio / matrix coconut cpe:2.3:a:vb-audio:matrix_coconut:*:*:*:*:*:*:*:*

References