What were you trying to do that didn't work?
Windows 11 desktops are crashing after apply Microsoft June security patches.

Security patch:
KB5063060 or KB5060842 or KB5059502 or KB5058499

Host:
[root@dell-per7525-07 home]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 43 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 64
On-line CPU(s) list: 0-63
Vendor ID: AuthenticAMD
BIOS Vendor ID: AMD
Model name: AMD EPYC 7302 16-Core Processor
BIOS Model name: AMD EPYC 7302 16-Core Processor CPU @ 3.0GHz

Please provide the package NVR for which bug is seen:
qemu-kvm-10.0.0-4.el10.x86_64
edk2-ovmf-20250221-3.el10.noarch
seabios-bin-1.16.3-7.el10.noarch
kernel-6.12.0-89.el10.x86_64
swtpm-0.9.0-5.el10.x86_64
virtio-win-1.9.45.iso

How reproducible:
always

Steps to reproduce
1.Install and start a Win11 24h2 vm with "-cpu host"

2.Inside VM, enable Windows update, and some windows patches were applied, including KB5063060.

3.Restart VM, it crashed with BSOD

4.Start VM with -cpu 'EPYC-Rome', it started successfully.

5.Start VM with -cpu 'EPYC-Rome' and some flags, vm crashed with BSOD.
-cpu 'EPYC-Rome',x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,spec-ctrl=on,stibp=on,arch-capabilities=on,ssbd=on,xsaves=on,cmp-legacy=on,overflow-recov=on,succor=on,ibrs=on,amd-ssbd=on,virt-ssbd=on,lbrv=on,tsc-scale=on,vmcb-clean=on,flushbyasid=on,pause-filter=on,pfthreshold=on,v-vmsave-vmload=on,vgif=on,svme-addr-chk=on,lfence-always-serializing=on,null-sel-clr-base=on,ibpb-brtype=on,rdctl-no=on,skip-l1dfl-vmentry=on,mds-no=on,pschange-mc-no=on,gds-no=on,rfds-no=on,hv_stimer,hv_synic,hv_vpindex,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time,hv_frequencies,hv_runtime,hv_tlbflush,hv_reenlightenment,hv_stimer_direct,hv_ipi,hv-xmm-input,hv_tlbflush_ext,kvm_pv_unhalt=on \

6. Using bisection method to check which flag cause the crash,and finally found out that "arch-capabilities=on" caused the BSOD

Expected results
Win11 could boot up successfully.

Actual results
BSOD