Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
Briefly

"PCIe is a widely used high-speed standard to connect hardware peripherals and components, including graphics cards, sound cards, Wi-Fi and Ethernet adapters, and storage devices, inside computers and servers. Introduced in PCIe 6.0, PCIe IDE is designed to secure data transfers through encryption and integrity protections. The three IDE vulnerabilities, discovered by Intel employees Arie Aharon, Makaram Raghunandan, Scott Constable, and Shalini Sharma, are listed below -"
"CVE-2025-9612 (Forbidden IDE Reordering) - A missing integrity check on a receiving port may allow re-ordering of PCIe traffic, leading the receiver to process stale data. CVE-2025-9613 (Completion Timeout Redirection) - Incomplete flushing of a completion timeout may allow a receiver to accept incorrect data when an attacker injects a packet with a matching tag. CVE-2025-9614 (Delayed Posted Redirection) - Incomplete flushing or re-keying of an IDE stream may result in the receiver consuming stale, incorrect data packets."
Three vulnerabilities affect the PCIe Integrity and Data Encryption (IDE) protocol mechanism introduced by the IDE ECN and impact PCIe Base Specification Revision 5.0 and later. Successful exploitation can undermine confidentiality, integrity, and availability of affected PCIe components, potentially causing information disclosure, privilege escalation, or denial of service depending on implementation. The flaws were discovered by Intel employees Arie Aharon, Makaram Raghunandan, Scott Constable, and Shalini Sharma. The specific issues allow traffic reordering, completion timeout redirection, or delayed posted redirection that may let receivers process stale or incorrect data. Exploits require physical or low-level access to the target system.
Read at The Hacker News