diff --git a/etc/permission-hardening.d/25_default_whitelist_qubes.conf b/etc/permission-hardening.d/25_default_whitelist_qubes.conf
index 24b6185..7a5c968 100644
--- a/etc/permission-hardening.d/25_default_whitelist_qubes.conf
+++ b/etc/permission-hardening.d/25_default_whitelist_qubes.conf
@@ -7,7 +7,11 @@
 
 ## TODO: research
 ## https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qfile-unpacker.c
+##
+## Qubes upstream security issue:
+## qfile-unpacker allows unprivileged users in VMs to gain root privileges
 ## https://github.com/QubesOS/qubes-issues/issues/8633
+##
 ## match both:
 #/usr/lib/qubes/qfile-unpacker whitelist
 #/lib/qubes/qfile-unpacker
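Review bot: The added comment names the privilege-escalation issue but does not record what this file decides about it. The `## TODO: research` line stays, and the entries under `## match both:` are commented-out `whitelist` lines in a file named as a default whitelist, so a reader cannot tell whether exempting qfile-unpacker from permission hardening is an accepted risk or still open. I would add one line after the issue link, for example `## Kept whitelisted because <reason>; revisit when <condition, e.g. upstream fix lands>.`, so the exemption carries its rationale and an exit condition. Anything after `#/lib/qubes/qfile-unpacker` is outside the hunk, so whether an active whitelist rule follows is not visible here.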