QSB-113: AMD CPU Opcode Cache corruption (XSA-490)
We have published Qubes Security Bulletin (QSB) 113: AMD CPU Opcode Cache corruption (XSA-490). The text of this QSB and its accompanying cryptographic signatures are reproduced below, followed by a general explanation of this announcement and authentication instructions.
Qubes Security Bulletin 113
---===[ Qubes Security Bulletin 113 ]===---
2026-05-12
AMD CPU Opcode Cache corruption (XSA-490)
User action
------------
Continue to update normally [1] in order to receive the security updates
described in the "Patching" section below. No other user action is
required in response to this QSB.
Summary
--------
On 2026-05-12, the Xen Project published XSA-490, "x86: CPU Opcode Cache
corruption" (CVE-2025-54518) [3]:
| AMD have disclosed a potential vulnerability in certain CPUs which can
| cause instructions to execute at a higher privilege.
For more information, see AMD's "CPU OP Cache Corruption" advisory. [4]
Impact
-------
On affected systems, an attacker can attempt to exploit this
vulnerability in order to:
- escalate privileges from userspace to the kernel inside of a given
  qube in order to escape sandboxes inside that qube
- compromise Qubes OS itself
Affected systems
-----------------
Only AMD Zen 2 systems are affected. Systems with other AMD
microarchitectures and systems with Intel processors are not affected.
Patching
---------
The following packages contain security updates that address the
vulnerabilities described in this bulletin:
For Qubes 4.2, in dom0:
- Xen packages, version 4.17.6-5
For Qubes 4.3, in dom0:
- Xen packages, version 4.19.4-8
These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [2] Once available, the packages should be installed
via the Qubes Update tool or its command-line equivalents. [1]
Dom0 must be restarted afterward in order for the updates to take
effect.
If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new Xen
binaries.
Credits
--------
See AMD's "CPU OP Cache Corruption" advisory. [4]
References
-----------
[1] https://doc.qubes-os.org/en/latest/user/how-to-guides/how-to-update.html
[2] https://doc.qubes-os.org/en/latest/user/downloading-installing-upgrading/testing.html
[3] https://xenbits.xen.org/xsa/advisory-490.html
[4] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html
The Qubes Security Team
https://www.qubes-os.org/security/
Source: qsb-113-2026.txt
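A version check for the packages listed under "Patching", as an added example that is not part of the bulletin or of Qubes OS tooling. The function names and the xen-hypervisor package name in the usage comment are assumptions; the fixed versions are the ones the bulletin lists.

```shell
#!/bin/sh
# Added example; function names are hypothetical, versions are from QSB-113.

# Fixed Xen package version per Qubes release ("Patching" section).
qsb113_fixed_version() {
    case "$1" in
        4.2) echo "4.17.6-5" ;;
        4.3) echo "4.19.4-8" ;;
        *)   return 1 ;;
    esac
}

# Turn "4.17.6-5.fc37" into "4.17.6.5": version fields plus the leading
# number of the release, with any dist tag dropped.
_norm() {
    case "$1" in
        *-*) ver=${1%%-*}; rel=${1#*-}; rel=${rel%%[!0-9]*} ;;
        *)   ver=$1; rel=0 ;;
    esac
    echo "$ver.${rel:-0}"
}

# Succeed when version-release $1 >= $2, comparing field by field as numbers
# (so release 10 sorts after release 8, unlike a string comparison).
version_ge() {
    printf '%s %s\n' "$(_norm "$1")" "$(_norm "$2")" | awk '{
        n = split($1, a, "."); m = split($2, b, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            x = a[i] + 0; y = b[i] + 0
            if (x != y) exit (x > y ? 0 : 1)
        }
        exit 0
    }'
}

# Print patched / outdated / unknown for a Qubes release and installed version.
qsb113_status() {
    fixed=$(qsb113_fixed_version "$1") || { echo "unknown"; return 2; }
    if version_ge "$2" "$fixed"; then echo "patched"; else echo "outdated"; return 1; fi
}

# Usage in dom0 (package name xen-hypervisor is an assumption):
#   sh qsb113-check.sh 4.2 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' xen-hypervisor)"
if [ "$#" -eq 2 ]; then
    qsb113_status "$1" "$2"
fi
```

A "patched" result only shows that the fixed package is installed; as the bulletin states, dom0 must be restarted before the update takes effect.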
Marek Marczykowski-Górecki’s PGP signature