Critical PCIe Encryption Vulnerabilities Threaten Data Integrity in PCIe 5.0+ Systems
Recent disclosures have unveiled three significant security vulnerabilities within the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol, specifically affecting systems utilizing PCIe Base Specification Revision 5.0 and later. These flaws pose potential risks to data integrity and system security, particularly in environments where PCIe IDE is implemented to safeguard data transfers.
Understanding PCIe and IDE
PCIe serves as a high-speed interface standard, facilitating communication between a computer’s central processing unit (CPU) and various hardware components such as graphics cards, sound cards, network adapters, and storage devices. To enhance the security of data transmissions over PCIe, the IDE protocol was introduced, offering encryption and integrity checks to protect against unauthorized access and data tampering.
The Identified Vulnerabilities
The vulnerabilities, identified by Intel researchers Arie Aharon, Makaram Raghunandan, Scott Constable, and Shalini Sharma, are as follows:
1. CVE-2025-9612 (Forbidden IDE Reordering): This flaw arises from a missing integrity check on the receiving port, potentially allowing the reordering of PCIe traffic. Such reordering can lead the receiver to process outdated or stale data, compromising data accuracy and system reliability.
2. CVE-2025-9613 (Completion Timeout Redirection): In this vulnerability, incomplete flushing of a completion timeout may permit a receiver to accept incorrect data. An attacker could exploit this by injecting a packet with a matching tag, leading to erroneous data processing.
3. CVE-2025-9614 (Delayed Posted Redirection): This issue involves incomplete flushing or re-keying of an IDE stream, which may result in the receiver consuming stale or incorrect data packets. Such a scenario undermines the integrity of data transactions within the system.
Potential Impact and Severity
Exploitation of these vulnerabilities could compromise the confidentiality, integrity, and overall security objectives of the IDE protocol. However, successful attacks require physical or low-level access to the targeted computer’s PCIe IDE interface, which somewhat mitigates the immediate risk. Consequently, these vulnerabilities have been assigned a low severity rating, with a CVSS v3.1 score of 3.0 and a CVSS v4 score of 1.8.
Despite the low severity, the PCI Special Interest Group (PCI-SIG) has emphasized that these vulnerabilities could expose systems implementing IDE and Trusted Domain Interface Security Protocol (TDISP) to adversaries capable of breaching isolation between trusted execution environments.
Affected Systems and Recommendations
The vulnerabilities impact several products from leading manufacturers, including:
– Intel:
  – Xeon 6 Processors with P-cores
  – Xeon 6700P-B/6500P-B series System on Chip (SoC) with P-cores
– AMD:
  – EPYC 9005 Series Processors
  – EPYC Embedded 9005 Series Processors
In response to these findings, the CERT Coordination Center (CERT/CC) has issued an advisory urging manufacturers to adhere to the updated PCIe 6.0 standard and implement the guidance provided in Erratum #1 for their IDE implementations. End users are advised to apply firmware updates provided by their system or component suppliers, especially in environments that rely on IDE to protect sensitive data.
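To prioritize firmware updates in environments that rely on IDE, it helps to know which devices advertise the capability at all. The following Python code is an added example, not taken from the advisory or any vendor: it walks each device's PCIe extended capability list in Linux sysfs looking for the IDE Extended Capability (ID 0x0030, `PCI_EXT_CAP_ID_IDE` in Linux's `pci_regs.h`). The function names and the sample config space are constructed for illustration.

```python
import struct
from pathlib import Path

IDE_EXT_CAP_ID = 0x0030  # PCI_EXT_CAP_ID_IDE in Linux pci_regs.h
EXT_CAP_START = 0x100    # extended capabilities follow the 256-byte legacy space


def find_ide_capability(cfg: bytes):
    """Walk the extended capability list; return IDE details or None."""
    offset, seen = EXT_CAP_START, set()
    while offset >= EXT_CAP_START and offset + 4 <= len(cfg) and offset not in seen:
        seen.add(offset)  # guard against looping lists in malformed config space
        (header,) = struct.unpack_from("<I", cfg, offset)
        if header in (0, 0xFFFFFFFF):  # empty list or unreadable config space
            return None
        # Header layout: bits 15:0 capability ID, bits 31:20 next offset (dword aligned)
        cap_id, next_off = header & 0xFFFF, (header >> 20) & 0xFFC
        if cap_id == IDE_EXT_CAP_ID and offset + 8 <= len(cfg):
            # IDE Capability Register: bit 0 Link IDE, bit 1 Selective IDE supported
            (ide_cap,) = struct.unpack_from("<I", cfg, offset + 4)
            return {"offset": offset, "link_ide": bool(ide_cap & 0x1),
                    "selective_ide": bool(ide_cap & 0x2)}
        offset = next_off
    return None


def scan_sysfs(root="/sys/bus/pci/devices"):
    """Return {BDF: IDE details} for devices advertising IDE (run as root)."""
    found = {}
    for cfg_path in sorted(Path(root).glob("*/config")):
        try:
            info = find_ide_capability(cfg_path.read_bytes())
        except OSError:
            continue  # device vanished or config space not readable
        if info:
            found[cfg_path.parent.name] = info
    return found


def constructed_config():
    """Constructed 4 KiB config space: AER at 0x100 -> IDE at 0x148 -> end."""
    cfg = bytearray(4096)
    struct.pack_into("<I", cfg, 0x100, (0x148 << 20) | (1 << 16) | 0x0001)
    struct.pack_into("<I", cfg, 0x148, (1 << 16) | IDE_EXT_CAP_ID)
    struct.pack_into("<I", cfg, 0x14C, 0x2)  # Selective IDE Streams Supported
    return bytes(cfg)


if __name__ == "__main__":
    for bdf, info in scan_sysfs().items():
        print(bdf, info)
```

Run it as root: unprivileged reads of a sysfs `config` file return only the first 64 bytes, so no extended capabilities are visible. A match means the device advertises IDE support, not that an IDE stream is active or that its firmware is unpatched; fix status still has to come from the supplier.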
Broader Implications and Historical Context
This disclosure underscores the ongoing challenges in securing hardware interfaces and protocols. Similar vulnerabilities have been identified in the past, highlighting the need for continuous vigilance and proactive measures in hardware security.
For instance, in October 2025, researchers unveiled the TEE.Fail side-channel attack, which exploited vulnerabilities in trusted execution environments (TEEs) of Intel and AMD processors. This attack demonstrated the potential for extracting cryptographic keys from secure enclaves, emphasizing the critical nature of hardware-level security flaws.
Furthermore, in November 2018, significant flaws were discovered in self-encrypting solid-state drives (SSDs), allowing attackers to decrypt data without knowledge of passwords or keys. These incidents collectively highlight the persistent and evolving nature of hardware security vulnerabilities.
Conclusion
The recent identification of vulnerabilities within the PCIe IDE protocol serves as a stark reminder of the complexities involved in securing hardware interfaces. While the immediate risk may be mitigated by the requirement for physical access, the potential for data integrity issues necessitates prompt action from manufacturers and users alike. By adhering to updated standards and applying necessary firmware updates, stakeholders can enhance the security posture of their systems against such vulnerabilities.