CVE-2026-23763

Name of the Vulnerable Software and Affected Versions VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and earlier VB-Audio Matrix Coconut versions ending in 2.0.2.2 and earlier

Description The VB-Audio Matrix and Matrix Coconut software contain a local privilege escalation issue within the VBMatrix VAIO virtual audio driver (vbmatrixvaio64* win10.sys). The driver allocates a 128-byte non-paged pool buffer and, when receiving IOCTL 0x222060, maps it into user space using an MDL and MmMapLockedPagesSpecifyCache. Due to the allocation size not being page-aligned, the mapping exposes the entire 0x1000-byte kernel page, including adjacent non-paged pool allocations, with read/write permissions. A local attacker can open a device handle with the required 0x800 attribute flag, invoke the IOCTL to obtain the mapping, and then read or modify live kernel objects and pointers on that page. This can bypass Kernel Address Space Layout Randomization (KASLR), allow arbitrary kernel memory read/write within the exposed page, corrupt kernel objects, and lead to SYSTEM-level privileges.

Recommendations Versions ending in 1.0.2.2 and earlier: Update to a newer version. Versions ending in 2.0.2.2 and earlier: Update to a newer version.