K000158850: PCIe IDE protocol specification vulnerabilities CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614

Security Advisory Description CVE-2025-9612 An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on Transaction Layer Packet TLP ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without...

CVE-2025-9612

An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on Transaction Layer Packet TLP ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical...

CVE-2025-9613 CVE-2025-9613

A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...

PT-2025-50217

Name of the Vulnerable Software and Affected Versions PCI Express PCIe Integrity and Data Encryption IDE specification affected versions not specified Description The PCI Express PCIe Integrity and Data Encryption IDE specification contains insufficient guidance regarding Transaction Layer Packet...

Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification

Overview PCI Express Integrity and Data Encryption PCIe IDE, introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. Several issues were identified in the IDE specification that could allow an attacker with local...