A vulnerability in the Intel EPT paging code allows attackers to access unintended memory regions because freed pages can remain transiently cached. This bulletin affects Qubes OS systems running on x86 Intel hardware, where stale entries could point to memory ranges not owned by the guest. Users must apply standard updates to install the specific Xen packages, such as version 4.17.6-3 or 4.19.4-5, depending on their Qubes version. After dom0 is restarted, Anti Evil Maid users will need to reseal their secret passphrase, because the new Xen binaries change the PCR values.



QSB-110: Use after free of paging structures in EPT (XSA-480)

We have published Qubes Security Bulletin (QSB) 110: Use after free of paging structures in EPT (XSA-480). The text of this QSB and its accompanying cryptographic signatures are reproduced below, followed by a general explanation of this announcement and authentication instructions.

QSB-110: Use after free of paging structures in EPT (XSA-480)