Find notable cyber news and cases, enriched with sources, timelines, and signals.

PCIe IDE mitigation guidance (CERT/CC)

Advisory/Mitigation
First reported
Last updated
Happening score
H score 27
1 unique sources, 1 articles

Summary

Hide ▲

CERT/CC issued mitigation guidance for PCIe IDE implementations, urging manufacturers to follow PCIe 6.0 and Erratum #1 to reduce exposure in affected components and firmware. The advice matters because the disclosed IDE flaws can lead to information disclosure, privilege escalation, or denial of service in impacted systems. End users were also told to apply firmware updates from their system or component suppliers.

Related Happenings

CERT/CC UEFI DBX mitigation for vendor-signed applications

Advisory/Mitigation
H score28 First: 19.06.2026 21:33 Last: 19.06.2026 21:33 Sources 1

About this happening: **CERT/CC** issued mitigation guidance to apply **UEFI Forbidden Signature Database (DBX)** updates, reducing **Secure Boot bypass** risk for affected vendor-signed **UEFI applica...

Patch Tuesday multi-vendor security patch release (multiple vulnerabilities)

Security Patch Release
H score48 First: 11.02.2026 15:28 Last: 11.02.2026 15:28 Sources 1

About this happening: On **Patch Tuesday**, **software vendors** released security updates across **OS, cloud, network, and application platforms**, closing multiple flaws in widely used products and s...

ASRock, ASUS, GIGABYTE, and MSI UEFI early-boot DMA bypass (multiple vulnerabilities)

Vulnerability
H score18 First: 19.12.2025 10:25 Last: 19.12.2025 10:25 Sources 1

About this happening: A disclosed UEFI/IOMMU flaw in some ASR ock, ASUS, GIGABYTE, and MSI motherboards can let a physically present attacker use a malicious PCIe DMA device to read or modify system me...

Latest development: 19.12.2025 17:54

Riot Games researchers Nick Peterson and Mohamed Al-Sharifi disclosed a UEFI firmware flaw affecting some ASUS, Gigabyte, MSI, and ASRock motherboards and worked with CERT Taiwan to coordinate response and reach affected vendors. The issue can let a malicious PCIe device with physical access exploit an early-boot window where firmware asserts that DMA protections are active even if IOMMU did not initialize correctly, leaving RAM exposed before operating-system safeguards load. Carnegie Mellon CERT/CC confirmed broad motherboard impact, vendors have firmware updates for impacted models, and affected systems may block Valorant from launching through Vanguard.

PCIe IDE protocol specification data-handling weaknesses (multiple vulnerabilities)

Vulnerability
H score8 First: 10.12.2025 15:32 Last: 10.12.2025 15:32 Sources 1

How related: "This could potentially result in security exposure, including but not limited to, one or more of the following with the affected PCIe component(s), depending on the implementation: (i) information disclosure, (ii) escalation of privilege, or (iii) denial of service," the consortium noted.

About this happening: Three newly disclosed **PCIe IDE** vulnerabilities put **PCIe Base Specification Revision 5.0 and onwards** systems at risk of **information disclosure**, **escalation of privileg...

Timeline

  1. 10.12.2025 15:32 2 articles · 7mo ago

    CERT/CC issues PCIe IDE mitigation guidance

    Mitigation Patch Update

    CERT/CC urged manufacturers to follow the updated PCIe 6.0 standard and apply Erratum #1 guidance to PCIe IDE implementations affected by CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614; end users were also told to install firmware updates from system or component suppliers to reduce exposure in IDE-protected environments.

    Show sources