CVE-2023-53502

In the Linux kernel, the following vulnerability has been resolved:

xen/netback: Fix buffer overrun triggered by unusual packet

It is possible that a guest can send a packet that contains a head + 18 slots and yet has a len <= XEN NETBACK TX COPY LEN. This causes nr slots to underflow in xenvif get requests() which then causes the subsequent loop's termination condition to be wrong, causing a buffer overrun of queue->tx map ops.

Rework the code to account for the extra frag overflow slots.

This is CVE-2023-34319 / XSA-432.