Sign in Subscribe

Three PCIe Vulnerabilities Lead to Data Leaks, Privilege Escalation, or DoS Attacks

Three PCIe Vulnerabilities Lead to Data Leaks, Privilege Escalation, or DoS Attacks

Three vulnerabilities have been discovered in the PCIe IDE protocol specification. However, exploiting these issues requires physical access to the equipment, so the threat is assessed as low.

The problems affect the PCIe Base Specification Revision 5.0 and later versions in the protocol mechanism introduced in the Engineering Change Notice (ECN) for IDE. This was reported by the PCI Special Interest Group (PCI-SIG), which is responsible for developing and maintaining the PCIe standard.

Per experts, depending on the implementation, the vulnerabilities can lead to data leaks, privilege escalation, or denial of service on affected PCIe components.

PCIe IDE, which appeared in PCIe 6.0, is designed to protect data transmission through encryption and integrity verification. Per CERT/CC specialists, IDE uses AES-GCM encryption to protect the confidentiality, integrity, and replay-attack resistance of communications between PCIe components. The hardware-level mechanism provides protection against unauthorized traffic modification.

The vulnerabilities were discovered by Intel employees:

CVE-2025-9612 (Forbidden IDE Reordering) — The lack of integrity checking on the receiving port allows the order of PCIe traffic transmission to be altered, causing the recipient to process outdated data.

CVE-2025-9613 (Completion Timeout Redirection) — Improper cleanup upon a completion timeout allows the recipient to accept incorrect data if an attacker injects a packet with a matching tag.

CVE-2025-9614 (Delayed Posted Redirection) — Improper cleanup or re-keying of an IDE stream can cause the recipient to accept stale or incorrect data packets.

PCI-SIG notes that successful exploitation of these vulnerabilities could undermine the confidentiality, integrity, and security of IDE. However, since the attack requires physical or low-level access to the PCIe IDE interface on the target machine, the vulnerabilities have been assigned a low severity rating (3.0 on the CVSS v3.1 scale and 1.8 on CVSS v4).

"All three vulnerabilities potentially expose systems with IDE and Trusted Domain Interface Security Protocol (TDISP) support to attackers capable of breaking isolation between trusted execution environments," CERT/CC warns.

CERT/CC has urged manufacturers to use the updated PCIe 6.0 standard and apply the recommendations from Erratum #1 to their IDE implementations.

Intel and AMD have already released their own security advisories, listing affected products.

Intel:

  • Xeon 6 processors with P-cores
  • Xeon 6700P-B/6500P-B series SoCs with P-cores

AMD:

  • EPYC 9005 series processors
  • EPYC Embedded 9005 series embedded processors

However, AMD states that it is still awaiting additional details about the vulnerabilities but presumes that its EPYC 9005 processors may be affected.

Per CERT/CC, the status of other major vendors (Arm, Cisco, Google, HP, IBM, Lenovo, and Qualcomm) is currently unknown. Meanwhile, representatives from Nvidia, Dell, F5, and Keysight have stated that their products are not affected.

Hardware manufacturers using PCIe have already received an Engineering Change Notification (ECN) with fixes. Updates are expected in the near future.