Overview
PCI Express Integrity and Data Encryption (PCIe IDE), introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. Several issues were identified in the IDE specification that could allow an attacker with local access to influence data consumed on the link. The PCIe 6.0 IDE Erratum provides corrective guidance, and firmware and hardware updates are expected to address these concerns.
Description
IDE uses AES-GCM encryption to protect confidentiality, integrity, and replay resistance for traffic between PCIe components. It operates between the transaction layer and the data link layer, providing protection close to the hardware against unauthorized modification of link traffic.
Three specification-level vulnerabilities can, under certain conditions, result in consumption of stale or incorrect data if an attacker is able to craft specific traffic patterns at the PCIe interface:
- CVE-2025-9612 – A missing integrity check on a receiving port may allow re-ordering of PCIe traffic, leading the receiver to process stale data.
- CVE-2025-9613 – Incomplete flushing of a completion timeout may allow a receiver to accept incorrect data when an attacker injects a packet with a matching tag.
- CVE-2025-9614 – Incomplete flushing or re-keying of an IDE stream may result in the receiver consuming stale incorrect data packets.
The PCI-SIG has issued a Draft Engineering Change Notice (D-ECN) titled “IDE TLP Reordering Enhancement” to the Base Specification Rev 7.0. The D-ECN feature will be included in upcoming PCI specifications (Base 6.5 and 7.1) and can also be used in current Base 5.x systems through standard compliance procedures. Hardware and firmware vendors that support PCIe 5.0 IDE should apply these corrections and incorporate the updated test procedures to ensure their implementations are compliant. Because IDE operates at the link layer, operating systems and applications may not detect these conditions directly. Timely firmware distribution through normal supply-chain channels is recommended.
Impact
An attacker with physical or low-level access to the PCIe IDE interface may be able to craft packets that cause the receiver to accept stale or corrupted data, affecting the integrity of the protected link.
Solution
Manufacturers should follow the updated PCIe 6.0 standard and apply the Erratum #1 guidance to their IDE implementations. End users should apply firmware updates provided by their system or component suppliers, especially in environments that rely on IDE to protect sensitive data.
Acknowledgements
These issues were reported by Arie Aharon, Makaram Raghunandan, Scott Constable, and Shalini Sharma to follow proper disclosure procedure. Coordination support was actively provided by Intel and PCI-SIG members. This document was prepared by Vijay Sarvepalli.
References
- https://pcisig.com/PCIeIDEStandardVulnerabilities
- https://pcisig.com/PCI%20Express/ECN/Base/IntegrityandDataEncryption_A
- https://pcisig.com/specifications
- https://pcisig.com/sites/default/files/files/PCIe%20Security%20Webinar_Aug%202020_PDF.pdf
- https://pcisig.com/blog/integrity-and-data-encryption-ide-and-io-security-updates
- https://semiengineering.com/new-age-solution-for-data-integrity-and-authenticity/
Other Information
| CVE IDs: | CVE-2025-9612 CVE-2025-9613 CVE-2025-9614 |
| API URL: | VINCE JSON | CSAF |
| Date Public: | 2025-12-09 |
| Date First Published: | 2025-12-09 |
| Date Last Updated: | 2025-12-09 19:16 UTC |
| Document Revision: | 2 |