PCIe IDE protocol specification data-handling weaknesses (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
Three newly disclosed PCIe IDE vulnerabilities put PCIe Base Specification Revision 5.0 and onwards systems at risk of information disclosure, escalation of privilege, or denial of service. The flaws are tracked as CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614, and they affect the protocol mechanism introduced by the IDE ECN. Exploitation requires physical or low-level access to the PCIe IDE interface, so the bugs are rated low severity even though they can undermine IDE confidentiality and integrity. Intel, AMD, and CERT/CC have already issued guidance for affected systems.
Related Happenings
PCIe IDE mitigation guidance (CERT/CC)
Advisory/Mitigation
First: 10.12.2025 15:32
Last: 10.12.2025 15:32
Sources 1
How related:
"In an advisory released Tuesday, the CERT Coordination Center (CERT/CC) urged manufacturers to follow the updated PCIe 6.0 standard and apply the Erratum #1 guidance to their IDE implementations."
About this happening:
**CERT/CC** issued mitigation guidance for **PCIe IDE** implementations, urging manufacturers to follow **PCIe 6.0** and **Erratum #1** to reduce exposure in affected components a...
PCIe IDE mitigation guidance (CERT/CC)
Advisory/MitigationHow related: "In an advisory released Tuesday, the CERT Coordination Center (CERT/CC) urged manufacturers to follow the updated PCIe 6.0 standard and apply the Erratum #1 guidance to their IDE implementations."
About this happening: **CERT/CC** issued mitigation guidance for **PCIe IDE** implementations, urging manufacturers to follow **PCIe 6.0** and **Erratum #1** to reduce exposure in affected components a...
TEE.Fail DDR5 side-channel analysis of Intel TDX and AMD SEV-SNP memory interposition
Technical Analysis
First: 28.10.2025 21:16
Last: 28.10.2025 21:16
Sources 1
About this happening:
**TEE.Fail** is a newly demonstrated **DDR5** side-channel that can extract secrets from **Intel SGX/TDX** and **AMD SEV-SNP**, weakening trust in confidential-computing attestati...
TEE.Fail DDR5 side-channel analysis of Intel TDX and AMD SEV-SNP memory interposition
Technical AnalysisAbout this happening: **TEE.Fail** is a newly demonstrated **DDR5** side-channel that can extract secrets from **Intel SGX/TDX** and **AMD SEV-SNP**, weakening trust in confidential-computing attestati...
Timeline
-
10.12.2025 15:32 2 articles · 5mo ago
PCIe IDE vulnerabilities disclosed
Initial DisclosureThree vulnerabilities in the PCIe Integrity and Data Encryption (IDE) protocol specification were disclosed for PCIe Base Specification Revision 5.0 and later, including CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614. The flaws can cause stale or incorrect data handling and may expose affected PCIe component(s) to information disclosure, escalation of privilege, or denial of service when an attacker has physical or low-level access to the PCIe IDE interface. CERT/CC, Intel, and AMD issued guidance for affected Intel Xeon and AMD EPYC product lines, recommending firmware updates and the updated PCIe 6.0 Erratum #1 guidance.
Show sources
- Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling — thehackernews.com — 10.12.2025 15:32
- Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling — thehackernews.com — 10.12.2025 15:32