CVE-2025-9613

medium

Description

A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality.

References

References
More

https://www.securityweek.com/intel-amd-processors-affected-by-pcie-vulnerabilities/

https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html

https://pcisig.com/specifications

https://pcisig.com/PCIeIDEStandardVulnerabilities

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-12

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00011