EPT security update for Qubes OS

A vulnerability has been identified in Intel's EPT paging code that allows attackers to access unintended memory regions on Qubes OS systems using x86 Intel hardware. Users are advised to apply updates that include specific Xen packages, such as versions 4.17.6-3 or 4.19.4-5, depending on their Qubes version. Following a restart of Dom0, Anti Evil Maid users must reseal their secret passphrase due to changes in PCR values caused by the new Xen binaries. This issue is documented in Qubes Security Bulletin 110 (QSB-110), which covers the use-after-free of paging structures in EPT (XSA-480).




A vulnerability in the Intel EPT paging code allows attackers to access unintended memory regions due to transiently cached freed pages. The bulletin affects Qubes OS systems running on x86 Intel hardware, where stale entries could point to memory ranges not owned by the guest. Users must apply standard updates to install specific Xen packages, such as version 4.17.6-3 or 4.19.4-5, based on their Qubes version. After a Dom0 restart, Anti Evil Maid users will need to reseal their secret passphrase, as PCR values change due to the new Xen binaries.
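One way to check a Dom0 Xen package version string against the fixed versions named above, as an added example that is not code from the Qubes bulletin or from this page. The function names, the handling of a `.fcNN` dist tag, the `xen-hypervisor` package name in the comment and the sample version strings are assumptions.

```bash
#!/bin/sh
# Fixed Xen package versions named in the summary above, keyed by Xen branch.
fixed_for_branch() {
  case "$1" in
    4.17) echo "4.17.6-3" ;;
    4.19) echo "4.19.4-5" ;;
    *)    return 1 ;;          # branch not mentioned on this page
  esac
}

# xen_is_fixed VERSION-RELEASE
# Returns 0 if the version is at or above the fixed version for its branch,
# 1 if it is older, 2 if the branch is not one of those named above.
# On Dom0 the argument could come from something like (package name assumed):
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' xen-hypervisor
xen_is_fixed() {
  installed="${1%%.fc*}"                          # drop a dist tag such as .fc37
  branch=$(printf '%s\n' "$installed" | cut -d. -f1,2)
  fixed=$(fixed_for_branch "$branch") || return 2
  # GNU sort -V orders version strings; if the fixed version sorts first
  # (or is equal), the installed version is new enough.
  lowest=$(printf '%s\n%s\n' "$fixed" "$installed" | sort -V | head -n 1)
  [ "$lowest" = "$fixed" ]
}

# Constructed sample version strings, not taken from a real system.
for v in 4.17.6-2.fc37 4.17.6-3.fc37 4.19.4-4.fc41 4.19.4-5.fc41 4.14.6-1; do
  if xen_is_fixed "$v"; then
    echo "$v: includes the fix"
  else
    echo "$v: older than the fixed version, or unknown branch"
  fi
done
```

An up-to-date package on disk does not mean the patched hypervisor is running: per the text above, Dom0 has to be restarted, and Anti Evil Maid users then reseal their secret.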

EPT security update for Qubes OS @ Linux Compatible