CVE-2023-54081 (GCVE-0-2023-54081)

Vulnerability from cvelistv5 – Published: 2025-12-24 13:06 – Updated: 2025-12-24 13:06
VLAI?
Title
xen: speed up grant-table reclaim
Summary
In the Linux kernel, the following vulnerability has been resolved: xen: speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to unmap the grant first. However, Qubes OS's GUI protocol is subject to the constraints of the X Window System, and as such winds up with the frontend unmapping the window first. As a result, the list can grow very large, resulting in a massive memory leak and eventual VM freeze. To partially solve this problem, make the number of entries that the VM will attempt to free at each iteration tunable. The default is still 10, but it can be overridden via a module parameter. This is Cc: stable because (when combined with appropriate userspace changes) it fixes a severe performance and stability problem for Qubes OS users.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cd1a8952ff529adc210e62306849fd6f256608c0 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c76d96c555895ac602c1587b001e5cf656abc371 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c04e9894846c663f3278a414f34416e6e45bbe68 (git)
Create a notification for this product.
    Linux Linux Unaffected: 6.1.43 , ≤ 6.1.* (semver)
Unaffected: 6.4.8 , ≤ 6.4.* (semver)
Unaffected: 6.5 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "Documentation/ABI/testing/sysfs-module",
            "drivers/xen/grant-table.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cd1a8952ff529adc210e62306849fd6f256608c0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c76d96c555895ac602c1587b001e5cf656abc371",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c04e9894846c663f3278a414f34416e6e45bbe68",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "Documentation/ABI/testing/sysfs-module",
            "drivers/xen/grant-table.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.43",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: speed up grant-table reclaim\n\nWhen a grant entry is still in use by the remote domain, Linux must put\nit on a deferred list.  Normally, this list is very short, because\nthe PV network and block protocols expect the backend to unmap the grant\nfirst.  However, Qubes OS\u0027s GUI protocol is subject to the constraints\nof the X Window System, and as such winds up with the frontend unmapping\nthe window first.  As a result, the list can grow very large, resulting\nin a massive memory leak and eventual VM freeze.\n\nTo partially solve this problem, make the number of entries that the VM\nwill attempt to free at each iteration tunable.  The default is still\n10, but it can be overridden via a module parameter.\n\nThis is Cc: stable because (when combined with appropriate userspace\nchanges) it fixes a severe performance and stability problem for Qubes\nOS users."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T13:06:13.316Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cd1a8952ff529adc210e62306849fd6f256608c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/c76d96c555895ac602c1587b001e5cf656abc371"
        },
        {
          "url": "https://git.kernel.org/stable/c/c04e9894846c663f3278a414f34416e6e45bbe68"
        }
      ],
      "title": "xen: speed up grant-table reclaim",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54081",
    "datePublished": "2025-12-24T13:06:13.316Z",
    "dateReserved": "2025-12-24T13:02:52.515Z",
    "dateUpdated": "2025-12-24T13:06:13.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54081\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:16:09.950\",\"lastModified\":\"2025-12-24T13:16:09.950\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nxen: speed up grant-table reclaim\\n\\nWhen a grant entry is still in use by the remote domain, Linux must put\\nit on a deferred list.  Normally, this list is very short, because\\nthe PV network and block protocols expect the backend to unmap the grant\\nfirst.  However, Qubes OS\u0027s GUI protocol is subject to the constraints\\nof the X Window System, and as such winds up with the frontend unmapping\\nthe window first.  As a result, the list can grow very large, resulting\\nin a massive memory leak and eventual VM freeze.\\n\\nTo partially solve this problem, make the number of entries that the VM\\nwill attempt to free at each iteration tunable.  The default is still\\n10, but it can be overridden via a module parameter.\\n\\nThis is Cc: stable because (when combined with appropriate userspace\\nchanges) it fixes a severe performance and stability problem for Qubes\\nOS users.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/c04e9894846c663f3278a414f34416e6e45bbe68\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c76d96c555895ac602c1587b001e5cf656abc371\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cd1a8952ff529adc210e62306849fd6f256608c0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.