CVE-2026-23763
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in VB-Audio Matrix and Matrix Coconut virtual audio drivers. An unprivileged local attacker can exploit improper memory mapping to read and write kernel memory, potentially gaining SYSTEM privileges. Users of affected VB-Audio software versions are vulnerable.
💻 Affected Systems
- VB-Audio Matrix
- VB-Audio Matrix Coconut
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with SYSTEM privileges, enabling installation of persistent malware, credential theft, and full control over the affected system.
Likely Case
Local privilege escalation to SYSTEM by a malicious user or malware already present on the system, leading to lateral movement and persistence establishment.
If Mitigated
Limited impact if proper endpoint security controls detect driver manipulation and restrict local user privileges.
🎯 Exploit Status
Exploitation requires local access but is relatively straightforward with published proof-of-concept code available on GitHub.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Matrix 1.0.2.3 and Matrix Coconut 2.0.2.3
Vendor Advisory: https://forum.vb-audio.com/viewtopic.php?p=7574#p7574
Restart Required: Yes
Instructions:
1. Download latest version from vb-audio.com. 2. Uninstall current version. 3. Install updated version. 4. Restart system.
🔧 Temporary Workarounds
Driver Removal
windowsUninstall the vulnerable VB-Audio Matrix drivers to eliminate the attack surface
sc stop VBMatrixVAIO64
sc delete VBMatrixVAIO64
Uninstall via Programs and Features
Access Control
windowsRestrict access to the vulnerable driver device using Windows security descriptors
icacls "\\.\VBMatrixVAIO64" /deny Everyone:(R,W)
🧯 If You Can't Patch
- Restrict local user privileges to prevent exploitation
- Monitor for suspicious driver access attempts using endpoint detection
🔍 How to Verify
Check if Vulnerable:
Check driver version in Device Manager under Sound, video and game controllers for VB-Audio Matrix devices, or run: driverquery | findstr vbmatrixCheck Version:
wmic datafile where name='C:\\Windows\\System32\\drivers\\vbmatrixvaio64_win10.sys' get versionVerify Fix Applied:
Verify installed version is 1.0.2.3 or higher for Matrix, or 2.0.2.3 or higher for Matrix Coconut📡 Detection & Monitoring
Log Indicators:
- Event ID 7045: Service installation for VBMatrixVAIO64
- Suspicious access to \Device\VBMatrixVAIO64
- Driver load events for vbmatrixvaio64_win10.sys
Network Indicators:
- None - this is a local-only vulnerability
SIEM Query:
EventID=7045 AND ServiceName="VBMatrixVAIO64" OR ProcessName="*" AND TargetObject="\\Device\\VBMatrixVAIO64"🔗 References
- https://forum.vb-audio.com/viewtopic.php?p=7527#p7527
- https://forum.vb-audio.com/viewtopic.php?p=7574#p7574
- https://github.com/emkaix/security-research/tree/main/CVE-2026-23763
- https://vb-audio.com/
- https://www.vulncheck.com/advisories/vb-audio-matrix-drivers-local-privilege-escalation-via-kernel-memory-exposure
