CVE-2026-23764
📋 TL;DR
This vulnerability allows unprivileged local attackers to trigger a kernel crash (Blue Screen of Death) on Windows systems running vulnerable VB-Audio virtual audio drivers. The flaw involves corrupting a length value in user space that is later used without validation during IOCTL handling, leading to denial-of-service. Affected users include anyone running Voicemeeter, Voicemeeter Banana, Voicemeeter Potato, VB-Audio Matrix, or Matrix Coconut software.
💻 Affected Systems
- VB-Audio Voicemeeter
- Voicemeeter Banana
- Voicemeeter Potato
- VB-Audio Matrix
- Matrix Coconut
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash (BSOD) requiring reboot, potentially causing data loss or service disruption on affected Windows machines.
Likely Case
Local denial-of-service attack where any user can crash the system, disrupting audio functionality and requiring reboot.
If Mitigated
Limited to local users only; remote attackers cannot exploit this without first gaining local access.
🎯 Exploit Status
Exploit code is publicly available on GitHub, making weaponization straightforward for attackers with local access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor forums for latest updates; patches were discussed in forum posts but specific version numbers not provided in CVE details
Vendor Advisory: https://forum.vb-audio.com/viewtopic.php?p=7527#p7527
Restart Required: Yes
Instructions:
1. Visit VB-Audio website or forums. 2. Download latest versions of affected software. 3. Install updates. 4. Reboot system to load updated drivers.
🔧 Temporary Workarounds
Driver Removal
windowsUninstall or disable vulnerable VB-Audio virtual audio drivers
sc stop [driver_service_name]
sc delete [driver_service_name]
Remove via Programs and Features
Access Restriction
windowsRestrict local user access to systems running vulnerable software
🧯 If You Can't Patch
- Restrict local user access to only trusted accounts on affected systems
- Monitor for BSOD events and investigate crashes on systems running VB-Audio software
🔍 How to Verify
Check if Vulnerable:
Check installed VB-Audio software versions against affected version ranges; examine driver files in System32\drivers for vulnerable driver namesCheck Version:
Check program versions in Control Panel > Programs and Features or via software about dialogsVerify Fix Applied:
Verify updated software versions are installed and check that driver files have been updated📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing PAGE_FAULT_IN_NONPAGED_AREA crashes
- System reboots without clear cause
- Driver-related crash dumps
Network Indicators:
- None - this is a local-only vulnerability
SIEM Query:
EventID=41 OR EventID=1001 AND Source="Microsoft-Windows-Kernel-Power" AND Description contains "PAGE_FAULT_IN_NONPAGED_AREA"🔗 References
- https://forum.vb-audio.com/viewtopic.php?p=7527#p7527
- https://forum.vb-audio.com/viewtopic.php?p=7574#p7574
- https://github.com/emkaix/security-research/tree/main/CVE-2026-23764
- https://vb-audio.com/
- https://www.vulncheck.com/advisories/vb-audio-voicemeeter-and-matrix-drivers-dos-via-corrupted-ioallocatemdl-length
