{"id":"CVE-2022-26966","details":"An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.","aliases":["A-225469258","PUB-A-225469258"],"modified":"2026-03-15T22:44:02.197439Z","published":"2022-03-12T22:15:08.690Z","related":["SUSE-SU-2022:1038-1","SUSE-SU-2022:1039-1","SUSE-SU-2022:1196-1","SUSE-SU-2022:1197-1","SUSE-SU-2022:1255-1","SUSE-SU-2022:1256-1","SUSE-SU-2022:1257-1","SUSE-SU-2022:1266-1","SUSE-SU-2022:1267-1","SUSE-SU-2022:1270-1","SUSE-SU-2022:1283-1","SUSE-SU-2022:1402-1","openSUSE-SU-2022:1039-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220419-0001/"},{"type":"FIX","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9da0b56fe27206b49f39805f7dcda8a89379062"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.16.12"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26966.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}