CVE-2023-54081
Memory Leak in Linux Xen Grant-Table Causes VM Freeze
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qubesos | qubes_os | * |
| linux | linux_kernel | * |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's Xen grant-table reclaim process. When a grant entry is still in use by a remote domain, it must be placed on a deferred list. Normally, this list remains short because the backend unmaps the grant first. However, in Qubes OS's GUI protocol, due to constraints of the X Window System, the frontend unmaps the window first, causing the deferred list to grow very large. This leads to a massive memory leak and can eventually cause the virtual machine to freeze. The fix involves making the number of entries freed per iteration tunable to mitigate the problem.
How can this vulnerability impact me? :
This vulnerability can cause a massive memory leak in the affected virtual machine, which can lead to the VM freezing and becoming unresponsive. This impacts system stability and performance, especially for users of Qubes OS using the affected GUI protocol.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the grant-table reclaim issue. Additionally, you can tune the number of grant entries the VM attempts to free at each iteration via the module parameter, adjusting it from the default of 10 to better manage memory usage and prevent VM freezes.