diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml
index c8e41cd05a..3d5e139752 100644
--- a/ansible/roles/nova-cell/defaults/main.yml
+++ b/ansible/roles/nova-cell/defaults/main.yml
@@ -239,7 +239,17 @@ nova_compute_ironic_image: "{{ docker_registry ~ '/' if docker_registry else ''
 nova_compute_ironic_tag: "{{ nova_tag }}"
 nova_compute_ironic_image_full: "{{ nova_compute_ironic_image }}:{{ nova_compute_ironic_tag }}"
 
-nova_libvirt_dimensions: "{{ default_container_dimensions }}"
+nova_libvirt_default_dimensions:
+  ulimits:
+    # NOTE(yoctozepto): This limit bump is required for cgroupsv2 which use eBPF
+    # to filter devices. See also LP#1941940. The new value is said to support
+    # up to 4096 guests (see libvirtd systemd service file from Debian Bullseye
+    # libvirt-daemon-system package for details).
+    memlock:
+      soft: 67108864  # 64 MiB
+      hard: 67108864  # 64 MiB
+
+nova_libvirt_dimensions: "{{ default_container_dimensions | combine(nova_libvirt_default_dimensions, recursive=True) }}"
 nova_ssh_dimensions: "{{ default_container_dimensions }}"
 nova_novncproxy_dimensions: "{{ default_container_dimensions }}"
 nova_spicehtml5proxy_dimensions: "{{ default_container_dimensions }}"
diff --git a/releasenotes/notes/bug-1941940-c63265ea6ea2f594.yaml b/releasenotes/notes/bug-1941940-c63265ea6ea2f594.yaml
new file mode 100644
index 0000000000..7b33dbe6ae
--- /dev/null
+++ b/releasenotes/notes/bug-1941940-c63265ea6ea2f594.yaml
@@ -0,0 +1,11 @@
+---
+fixes:
+  - |
+    Fixes inability to attach devices (e.g., volumes via iSCSI/FC)
+    to instances on Debian Bullseye.
+    `LP#1941940 <https://launchpad.net/bugs/1941940>`__
+upgrade:
+  - |
+    To fix LP#1941940, ``nova_libvirt_dimensions`` now by default combines with
+    ``nova_libvirt_default_dimensions``. Please consider this when customising
+    that variable.