Qubes OS has released Security Bulletin 113 to address a vulnerability (XSA-490) found in AMD Zen 2 processors, which could permit malicious code to escape virtual machine sandboxes and gain kernel privileges. Only systems with this specific microarchitecture are at risk, while Intel CPUs and other AMD models are unaffected. Users are advised to update their Xen packages through the Qubes Update interface and perform a full system restart in dom0 to apply the fix. Additionally, users of the Anti Evil Maid feature should reseal their secret passphrase due to changes in the underlying security measurements after the update

AMD CPU Opcode Cache corruption update for Qubes OS

Qubes OS released Security Bulletin 113 to patch XSA-490, a processor flaw in AMD Zen 2 chips that could allow malicious code to escape virtual machine sandboxes and gain full kernel privileges. Only systems running that specific microarchitecture face this risk since Intel CPUs and other AMD designs remain completely unaffected. You can fix the problem by installing the updated Xen packages through the normal Qubes Update interface followed by a full system restart in dom0. People using Anti Evil Maid should remember to reseal their secret passphrase because the underlying security measurements will change once the new binaries take over.

QSB-113: AMD CPU Opcode Cache corruption (XSA-490)

AMD CPU Opcode Cache corruption update for Qubes OS @ Linux Compatible