Full Report
Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker to serious risks. The flaws impact PCIe Base Specification Revision 5.0 and onwards in the protocol mechanism introduced by the IDE Engineering Change Notice (ECN), according to the PCI Special
Analysis Summary
# Vulnerability: Three PCIe Integrity and Data Encryption (IDE) Protocol Flaws
## CVE Details
- CVE ID: CVE-2025-9612, CVE-2025-9613, CVE-2025-9614
- CVSS Score: 1.8 (CVSS v4.0) / 3.0 (CVSS v3.1), Low severity
- CWE: Not explicitly listed, related to improper handling of sequencing/timeouts/stale data.
## Affected Systems
- Products: PCIe IDE implementations reliant on PCIe Base Specification Revision 5.0 and onwards, including:
  - Intel Xeon 6 Processors with P-cores
  - Intel Xeon 6700P-B/6500P-B series SoC with P-Cores
  - AMD EPYC 9005 Series Processors
  - AMD EPYC Embedded 9005 Series Processors
- Versions: Systems implementing the IDE ECN in PCIe Base Specification Revision 5.0 and newer.
- Configurations: Systems utilizing the PCIe Integrity and Data Encryption (IDE) protocol mechanism, especially environments relying on IDE for Trusted Domain Interface Security Protocol (TDISP) isolation.
## Vulnerability Description
Three distinct vulnerabilities exist within the PCIe Integrity and Data Encryption (IDE) protocol specification that could lead to faulty data handling if an attacker can breach isolation near the PCIe IDE interface:
1. **CVE-2025-9612 (Forbidden IDE Reordering):** A missing integrity check on a receiving port allows an attacker to potentially reorder PCIe transactions, causing the receiver to process stale data.
2. **CVE-2025-9613 (Completion Timeout Redirection):** Incomplete flushing of a completion timeout allows an attacker to inject a packet with a matching tag, leading the receiver to accept incorrect data.
3. **CVE-2025-9614 (Delayed Posted Redirection):** Incomplete flushing or re-keying of an IDE stream can result in the receiver processing stale or incorrect data packets.
Successful exploitation could undermine the security objectives of IDE, potentially leading to information disclosure, privilege escalation, or denial of service, particularly where IDE is used to protect isolation between trusted execution environments.
## Exploitation
- Status: No mention of exploitation in the wild; details imply prerequisite low-level access.
- Complexity: Low (the low CVSS scores reflect the high level of access an attacker must already hold to reach the hardware mechanism, not difficulty once that access exists).
- Attack Vector: Local (Requires physical or low-level access to the targeted computer's PCIe IDE interface).
## Impact
- Confidentiality: Potential Information Disclosure.
- Integrity: Potential for processing incorrect/stale data, potentially leading to manipulation.
- Availability: Potential Denial of Service (DoS).
## Remediation
### Patches
- End users should apply **firmware updates** provided by their system or component suppliers.
- Manufacturers are urged to follow the **updated PCIe 6.0 standard** and apply **Erratum #1 guidance** to their specific IDE implementations.
### Workarounds
- No specific, immediate workarounds are detailed beyond applying vendor-supplied firmware updates; mitigation depends on vendors implementing the official corrections to the standard.
## Detection
- Detection methods are not detailed in the source. Given the local access requirement, monitoring for unusual or unexpected PCIe activity, particularly transaction reordering or completion timeouts, may become relevant once vendor-specific telemetry is defined.
## References
- PCI-SIG Advisory (General reference, not linked directly)
- CERT/CC Advisory (vuls/id/404544)
- Intel Security Advisory (intel-sa-01409)