CVE & CISA-KEV Catalog

CVE-2023-54081

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: xen: speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to unmap the grant first. However, Qubes OS's GUI protocol is subject to the constraints of the X Window System, and as such winds up with the frontend unmapping the window first. As a result, the list can grow very large, resulting in a massive memory leak and eventual VM freeze. To partially solve this problem, make the number of entries that the VM will attempt to free at each iteration tunable. The default is still 10, but it can be overridden via a module parameter. This is Cc: stable because (when combined with appropriate userspace changes) it fixes a severe performance and stability problem for Qubes OS users.

How to fix

Remediation Available
linuxDebian
Fixed in:6.1.52-1CVE-2023-54081
Fixed in:6.4.11-1CVE-2023-54081
Fixed in:6.4.11-1CVE-2023-54081

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.17%probability of exploitation in 30 days
7thpercentile

Low risk: more likely to be exploited than 7% of all known CVEs.

References

Embed a live status badge for CVE-2023-54081
CVE-2023-54081 severity badge

Markdown

[![CVE-2023-54081](https://tridentstack.com/cve/badge/CVE-2023-54081.svg)](https://tridentstack.com/cve/CVE-2023-54081)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-54081"><img src="https://tridentstack.com/cve/badge/CVE-2023-54081.svg" alt="CVE-2023-54081"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-12-29.