In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. sumits: added fixes and cc: stable tags] CREATE(Triage):(User=admin) [CVE-2022-48730 (https://nvd.nist.gov/vuln/detail/CVE-2022-48730)
