Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

PCIe IDE mitigation guidance (CERT/CC)

Advisory/Mitigation
First reported
Last updated
Happening score
H score 14
1 unique sources, 1 articles

Summary

Hide ▲

CERT/CC issued mitigation guidance for PCIe IDE implementations, urging manufacturers to follow PCIe 6.0 and Erratum #1 to reduce exposure in affected components and firmware. The advice matters because the disclosed IDE flaws can lead to information disclosure, privilege escalation, or denial of service in impacted systems. End users were also told to apply firmware updates from their system or component suppliers.

Related Happenings

Patch Tuesday multi-vendor security patch release (multiple vulnerabilities)

Security Patch Release
First: 11.02.2026 15:28 Last: 11.02.2026 15:28 Sources 1

About this happening: On **Patch Tuesday**, **software vendors** released security updates across **OS, cloud, network, and application platforms**, closing multiple flaws in widely used products and s...

Open Happening

ASRock, ASUS, GIGABYTE, and MSI UEFI early-boot DMA bypass (multiple vulnerabilities)

Vulnerability
First: 19.12.2025 10:25 Last: 19.12.2025 10:25 Sources 1

About this happening: A disclosed UEFI/IOMMU flaw in some ASR ock, ASUS, GIGABYTE, and MSI motherboards can let a physically present attacker use a malicious PCIe DMA device to read or modify system me...

Latest development: 19.12.2025 17:54

Riot Games researchers Nick Peterson and Mohamed Al-Sharifi disclosed a UEFI firmware flaw affecting some ASUS, Gigabyte, MSI, and ASRock motherboards and worked with CERT Taiwan to coordinate response and reach affected vendors. The issue can let a malicious PCIe device with physical access exploit an early-boot window where firmware asserts that DMA protections are active even if IOMMU did not initialize correctly, leaving RAM exposed before operating-system safeguards load. Carnegie Mellon CERT/CC confirmed broad motherboard impact, vendors have firmware updates for impacted models, and affected systems may block Valorant from launching through Vanguard.

Open Happening

PCIe IDE protocol specification data-handling weaknesses (multiple vulnerabilities)

Vulnerability
First: 10.12.2025 15:32 Last: 10.12.2025 15:32 Sources 1

How related: "This could potentially result in security exposure, including but not limited to, one or more of the following with the affected PCIe component(s), depending on the implementation: (i) information disclosure, (ii) escalation of privilege, or (iii) denial of service," the consortium noted.

About this happening: Three newly disclosed **PCIe IDE** vulnerabilities put **PCIe Base Specification Revision 5.0 and onwards** systems at risk of **information disclosure**, **escalation of privileg...

Open Happening

Timeline

  1. 10.12.2025 15:32 2 articles · 5mo ago

    CERT/CC issues PCIe IDE mitigation guidance

    Mitigation Patch Update

    CERT/CC urged manufacturers to follow the updated PCIe 6.0 standard and apply Erratum #1 guidance to PCIe IDE implementations affected by CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614; end users were also told to install firmware updates from system or component suppliers to reduce exposure in IDE-protected environments.

    Show sources
    Open in new tab