VB-Audio Voicemeeter & Matrix Drivers DoS via Corrupted IoAllocateMdl Length

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys). The drivers allocate non-paged pool and map it into user space, where a length value associated with the allocation is exposed and can be modified by an unprivileged local attacker. On subsequent IOCTL handling, the corrupted length is used directly as the IoAllocateMdl length argument without adequate integrity checks before building and mapping the MDL, which can cause a kernel crash (BSoD), typically PAGE_FAULT_IN_NONPAGED_AREA. This flaw allows a local user to trigger a denial-of-service on affected Windows systems.

N/A

使用越界的指针偏移

VB-Audio多款产品 安全漏洞

VB-Audio Voicemeeter和VB-Audio Matrix都是法国VB-Audio公司的产品。VB-Audio Voicemeeter是一个虚拟音频调音台软件。VB-Audio Matrix是一个实时音频路由软件。 VB-Audio多款产品存在安全漏洞，该漏洞源于虚拟音频驱动暴露并允许修改长度值，可能导致内核崩溃和拒绝服务。以下产品和版本受到影响：VB-Audio Voicemeeter、Voicemeeter Banana、Voicemeeter Potato 1.1.1.9及之前版本、2

N/A

N/A