VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54081

CVE-2023-54081

Description

In the Linux kernel, the following vulnerability has been resolved:

xen: speed up grant-table reclaim

When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to unmap the grant first. However, Qubes OS's GUI protocol is subject to the constraints of the X Window System, and as such winds up with the frontend unmapping the window first. As a result, the list can grow very large, resulting in a massive memory leak and eventual VM freeze.

To partially solve this problem, make the number of entries that the VM will attempt to free at each iteration tunable. The default is still 10, but it can be overridden via a module parameter.

This is Cc: stable because (when combined with appropriate userspace changes) it fixes a severe performance and stability problem for Qubes OS users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Linux kernel grant-table reclaim issue causes memory leaks and VM freezes in Qubes OS; a new module parameter tunes the deferred list processing rate.

Overview

A vulnerability in the Linux kernel's grant-table reclaim mechanism allows the deferred list of grant entries to grow excessively large. Normally, the list is small because PV network and block protocols expect the backend to unmap first, but Qubes OS's GUI protocol (constrained by the X Window System) results in the frontend unmapping window grants first, leading to a massive memory leak and eventual VM freeze [1].

Root

Cause When a grant entry remains in use by the remote domain, the kernel places it on a deferred list. While the code processes 10 entries per iteration by default, under the Qubes GUI workload the list can accumulate far more entries than can be freed per cycle, causing unbounded growth [1].

Impact

An attacker with access to the Qubes GUI protocol path (or any scenario causing deferred list buildup) can exhaust system memory, leading to a denial of service (VM freeze). The vulnerability does not require authentication beyond local access to trigger, as it stems from normal grant-table operations [1].

Mitigation

The fix, committed to the Linux kernel stable tree, introduces a module parameter (gnttab_max_free_entries) to make the number of entries freed per iteration tunable. The default remains 10, but administrators can increase it to handle workloads like Qubes OS's GUI protocol, preventing the memory leak and VM freeze [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

3
cd1a8952ff52
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
c76d96c55589
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
c04e9894846c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.