I’m not sure the brand/PC has any impact on this topic at all. It’s included in the title but other than that’s there’s little to no relevance to the topic. He’s asking about microcode mitigations which are not PC brand/model specific rather whole groups of Intel processor families and can be updated outside of the control of Nitro key at all. He also had questions about MMIO vulns showing, which is a question I have as well as both the processor he mentioned and mine DO have microcode updates to mitigate this issue and shouldn’t be showing on lscpu.
The i7-10510U cpu in his devices (CPUID 806EC) can be found in this chart previously linked. The MMIO vuln he had quesitons about is INTEL-SA-00615 by following that chart linked (ctrl+f 806EC) and scrolling over to the INTEL-SA-00615 column you can see this issue on his processor WAS mitigated with a microcode update. He should not be getting that vuln message in Qubes. You said your Nitro is a i7-10610U, which is also cpuid 806EC family abbreviation CML-U62. You reported a microcode version 000000f0this isn’t correct for your machine either you should have 000000f8 as your newest microcode.