I've been using Qubes OS for years, and I highly recommend it. Not only for security (of course), but also for the cleanliness of not polluting your computer with a myriad of dependencies for projects you just tried once.
And of course, for the high-risk activities that we all have to do at some point (now at least their risk is limited to their virtual machine):
- curl|bash or similar
- pip install, npm install, etc.
- run any random GitHub project
- sudo install the drivers of my Brother printer
- install Zoom
- plug in random cheap USB devices to, e.g., update their firmware
I think you don't understand. Qubes relies on software virtualization in conjunction with hardware-assisted virtualization instruction sets. The aforementioned vulnerability existed in Qubes Xen.
I'm not an expert, but how could it affect the VT-d even in principle? AFAIK VM escape is impossible with software exploits in this case, only side-channel attacks are.