CVE-2025-9612

medium

Description

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical attackers on the PCIe bus to violate data integrity protections.

References

References
More

https://www.securityweek.com/intel-amd-processors-affected-by-pcie-vulnerabilities/

https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html

https://pcisig.com/specifications

https://pcisig.com/PCIeIDEStandardVulnerabilities

https://kb.cert.org/vuls/id/404544

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-12

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.1

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00013