Impact
The vulnerability exists in the virtual audio drivers for VB‑Audio’s Voicemeeter, Voicemeeter Banana, Voicemeeter Potato, Matrix, and Matrix Coconut. The drivers mistakenly expose non‑paged pool memory to user space through MmMapLockedPagesSpecifyCache with UserMode access, and they lack proper exception handling. When the mapping fails, such as when a process has exhausted virtual address space, an uncaught exception crashes the kernel and the system blue‑screens with a SYSTEM_SERVICE_EXCEPTION carrying STATUS_NO_MEMORY. A local unprivileged user can trigger the flaw. The impact is a complete denial of service on the affected Windows system. The flaw is not exploitable for privilege escalation or data exfiltration; it simply forces a reboot or crash, so confidentiality and integrity are not directly affected. The affected code resides in the driver files vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys.
Affected Systems
Several VB‑Audio Software products are impacted. Voicemeeter (Standard), Voicemeeter Banana, and Voicemeeter Potato are vulnerable in the releases ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9, respectively, and in older versions. The Matrix and Matrix Coconut audio drivers are also vulnerable in builds ending in 1.0.2.2 and 2.0.2.2, respectively.
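To check whether a Windows host carries any of the driver files named under Impact, the following added example (not vendor or OpenCVE code) lists matching files, their version resources, and whether a kernel driver service is registered for them. The search directories and the output layout are assumptions; the file version shown may not equal the product release number, so compare the installed product release against the versions listed above.

```powershell
# Added example, not vendor code. File-name patterns are taken from the advisory.
$patterns = @(
    'vbvoicemeetervaio64*.sys'
    'vbmatrixvaio64*.sys'
    'vbaudio_vmauxvaio*.sys'
    'vbaudio_vmvaio*.sys'
    'vbaudio_vmvaio3*.sys'
)

# Assumption: driver binaries are in the standard driver directory or the driver store.
$roots = @(
    Join-Path $env:SystemRoot 'System32\drivers'
    Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository'
) | Where-Object { Test-Path -LiteralPath $_ }

# Index registered kernel driver services by the file name of their binary.
$byFile = @{}
foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if ($drv.PathName) {
        # PathName may carry a \??\ prefix, so take the last path component by hand.
        $leaf = ($drv.PathName -split '\\')[-1].ToLowerInvariant()
        $byFile[$leaf] = $drv
    }
}

$hits = Get-ChildItem -Path $roots -Recurse -File -Include $patterns -ErrorAction SilentlyContinue |
    ForEach-Object {
        $svc = $byFile[$_.Name.ToLowerInvariant()]
        [pscustomobject]@{
            File           = $_.FullName
            FileVersion    = $_.VersionInfo.FileVersion
            ProductVersion = $_.VersionInfo.ProductVersion
            Service        = if ($svc) { $svc.Name } else { '(not registered)' }
            State          = if ($svc) { $svc.State } else { 'n/a' }
        }
    }

if ($hits) {
    $hits | Sort-Object File | Format-Table -AutoSize -Wrap
} else {
    'No driver files matching the advisory patterns were found.'
}
```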
Risk and Exploitability
The CVSS score for this issue is 6.9, indicating moderate severity. The EPSS score is below 1%, meaning that at the time of analysis the estimated exploitation probability is very low. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a local user with an unprivileged account running a process that can intentionally or inadvertently consume all available virtual address space, causing the mapping to fail. Once triggered, the kernel crashes, leading to a system reboot. The attack is straightforward: any user with the ability to run a custom process can exhaust address space and trigger the fault. No network interaction or elevated privileges are required. Because the flaw results only in a denial of service, the risk to confidentiality or integrity is negligible; the concern is operational availability.