
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-48836 is a vulnerability in the Linux kernel's input device driver for Aiptek tablets. The issue was discovered when Syzbot reported a warning in usb_submit_urb() caused by incorrect endpoint type checking. The vulnerability affects Linux kernel versions from 4.4 through 5.16.17 (Kernel Patch).
The vulnerability stems from improper endpoint type validation in the Aiptek tablet driver. The original code only checked the number of endpoints using desc.bNumEndpoints but did not verify the endpoint type. This could lead to a "BOGUS urb xfer" warning when pipe 1 doesn't match type 3. The issue was fixed by replacing the old desc.bNumEndpoints check with the usb_find_common_endpoints() helper function to properly validate endpoint types (Kernel Patch).
When exploited, this vulnerability could cause system warnings and potential USB device handling issues. The bug manifests as a warning in the usb_submit_urb() function, which could affect the proper functioning of Aiptek tablet devices on the affected systems (Kernel Patch).
The vulnerability has been patched in the Linux kernel. The fix involves using the usb_find_common_endpoints() helper function to properly validate endpoint types instead of just checking the number of endpoints. Users should update their Linux kernel to a version that includes this fix (Ubuntu Notice, Red Hat Advisory).
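The difference between the count-only check and a type-aware check can be seen in a small userspace model. This is an added example, not the kernel patch or driver code: the struct, the function names count_only_check() and find_int_in(), and the sample descriptors are constructed for illustration, and it assumes the driver needs an interrupt IN endpoint.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants with the same values as the USB chapter 9 definitions. */
#define USB_DIR_IN                 0x80
#define USB_ENDPOINT_XFERTYPE_MASK 0x03
#define USB_ENDPOINT_XFER_BULK     2
#define USB_ENDPOINT_XFER_INT      3

/* Simplified model of an endpoint descriptor (only the fields used here). */
struct ep_desc {
    uint8_t bEndpointAddress; /* bit 7 set means IN direction */
    uint8_t bmAttributes;     /* bits 1:0 hold the transfer type */
};

/* Count-only check: accepts any interface with at least one endpoint. */
static int count_only_check(size_t num_endpoints)
{
    return num_endpoints >= 1;
}

/* Type-aware check: return the first interrupt IN endpoint, or NULL. */
static const struct ep_desc *find_int_in(const struct ep_desc *eps, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int type = eps[i].bmAttributes & USB_ENDPOINT_XFERTYPE_MASK;
        if ((eps[i].bEndpointAddress & USB_DIR_IN) &&
            type == USB_ENDPOINT_XFER_INT)
            return &eps[i];
    }
    return NULL;
}

/* Constructed sample descriptors: same endpoint count, different type. */
static const struct ep_desc expected[]   = { { 0x81, USB_ENDPOINT_XFER_INT } };
static const struct ep_desc mismatched[] = { { 0x81, USB_ENDPOINT_XFER_BULK } };

int main(void)
{
    printf("expected:   count_ok=%d type_ok=%d\n",
           count_only_check(1), find_int_in(expected, 1) != NULL);
    printf("mismatched: count_ok=%d type_ok=%d\n",
           count_only_check(1), find_int_in(mismatched, 1) != NULL);
    return 0;
}
```

Both descriptors pass the count-only check, but only the type-aware lookup rejects the mismatched one before a transfer would be set up for it.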
Source: This report was generated using AI