Description
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.
Published: 2026-01-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via kernel crash
Action: Immediate Patch
AI Analysis

Impact

The vulnerability exists in the virtual audio drivers supplied by VB‑Audio, including Voicemeeter Standard, Banana, Potato, Matrix, and Matrix Coconut. When a handle is opened with a specially crafted file attribute, the driver writes an invalid non‑pointer value into the FILE_OBJECT->FsContext field. Subsequent operations that are forwarded down the audio stack can dereference this value, causing a kernel page fault that terminates the system with a BSoD and an access violation status code. The effect is a denial‑of‑service that crashes the operating system; no confidentiality or integrity compromise is described.

Affected Systems

VB‑Audio Software provides the affected drivers: Voicemeeter Standard, Banana, Potato and the Matrix and Matrix Coconut drivers. The vulnerable releases are those ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 for the Voicemeeter family and 1.0.2.2 and 2.0.2.2 for the Matrix family. No other vendors or versions are reported as impacted.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity. The EPSS score is below 1 %, suggesting a low probability of exploitation. The vulnerability is not present in the CISA KEV catalog. Attackers must have local, non‑privileged access to a Windows system and the ability to open the driver with the special file attribute. The flaw results in a kernel crash, so the chief risk is service disruption rather than data compromise.

Generated by OpenCVE AI on April 18, 2026 at 03:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest driver update from VB‑Audio that corrects the FsContext initialization flaw.
  • If an update is temporarily unavailable, disable or remove the vulnerable VB‑Audio drivers so they are not loaded into the operating system.
  • Continuously monitor system event logs for kernel‑mode crash events related to the audio driver and apply the fix when released.

Generated by OpenCVE AI on April 18, 2026 at 03:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Twistedmatrix
Twistedmatrix twistedweb
CPEs cpe:2.3:a:twistedmatrix:twistedweb:*:*:*:*:*:*:*:*
Vendors & Products Twistedmatrix
Twistedmatrix twistedweb

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Vb-audio Software
Vb-audio Software matrix
Vb-audio Software matrix Coconut
Vb-audio Software voicemeeter
Vb-audio Software voicemeeter Banana
Vb-audio Software voicemeeter Potato
Vendors & Products Vb-audio Software
Vb-audio Software matrix
Vb-audio Software matrix Coconut
Vb-audio Software voicemeeter
Vb-audio Software voicemeeter Banana
Vb-audio Software voicemeeter Potato

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 22 Jan 2026 16:30:00 +0000

Type Values Removed Values Added
Description VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). When a handle is opened with a special file attribute value, the drivers improperly initialize FILE_OBJECT->FsContext to a non-pointer magic value. If subsequent operations are not handled by the VB-Audio driver and are forwarded down the audio driver stack (e.g., via PortCls to ks.sys), the invalid FsContext value can be dereferenced, causing a kernel crash (BSoD), typically SYSTEM_SERVICE_EXCEPTION with STATUS_ACCESS_VIOLATION. This flaw allows a local unprivileged user to trigger a denial-of-service on affected Windows systems.
Title VB-Audio Voicemeeter & Matrix Drivers DoS via Improper FILE_OBJECT FsContext Initialization
Weaknesses CWE-824
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Twistedmatrix Twistedweb
Vb-audio Software Matrix Matrix Coconut Voicemeeter Voicemeeter Banana Voicemeeter Potato
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-05T01:30:24.283Z

Reserved: 2026-01-15T18:42:20.938Z

Link: CVE-2026-23761

cve-icon Vulnrichment

Updated: 2026-01-22T16:41:32.034Z

cve-icon NVD

Status : Deferred

Published: 2026-01-22T17:16:37.320

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23761

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T03:45:21Z

Weaknesses