SB20251210202 - Multiple vulnerabilities in PCI Express (PCIe) Base Specification documentation




Published: December 10, 2025

Security Bulletin ID: SB20251210202
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Improper validation of integrity check value (CVE-ID: CVE-2025-9612)

The vulnerability allows an attacker to bypass implemented security restrictions. 

The vulnerability exists due to an error in the PCIe IDE protocol’s Transaction Layer Packet (TLP) ordering enforcement mechanism as described in the PCI Express (PCIe) Base Specification. A local user or an attacker with physical access to the system can perform a Man-in-the-Middle (MITM) attack to observe and reorder IDE-protected TLPs without triggering detection at the receiver, violating the integrity objectives that both IDE and TDISP are designed to uphold.



2) Insufficient technical documentation (CVE-ID: CVE-2025-9613)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to insufficient guidance on tag reuse after completion timeouts in the PCI Express (PCIe) Base Specification. If an IDE-protected request’s tag is released due to a completion timeout, a subsequent IDE request may reuse the same tag. If the delayed completion of the original request arrives after the new request is issued, the receiver may consume stale or incorrect data. A local user can violate the integrity and confidentiality objectives of IDE and TDISP.
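
The tag-reuse race described above, as an added example (not taken from the bulletin, the PCIe specification or any vendor fix): a toy C model of a requester's tag table, comparing immediate tag release on timeout with holding the tag back. The structure and function names, the `quarantine_on_timeout` switch and the quarantine policy itself are assumptions made for illustration; releasing a quarantined tag (for example after the stream is flushed and re-keyed) is not modelled.

```c
/* Added toy model of a requester's tag table (constructed, not spec text). */
#include <stdbool.h>
#include <stdio.h>

#define NTAGS 4
enum tag_state { TAG_FREE, TAG_OUTSTANDING, TAG_QUARANTINED };
struct requester {
    enum tag_state state[NTAGS];
    unsigned req_id[NTAGS];      /* request currently bound to each tag */
    bool quarantine_on_timeout;  /* hypothetical policy switch */
};

/* Bind a request to the lowest free tag; returns the tag or -1. */
static int issue(struct requester *r, unsigned req_id) {
    for (int t = 0; t < NTAGS; t++)
        if (r->state[t] == TAG_FREE) {
            r->state[t] = TAG_OUTSTANDING;
            r->req_id[t] = req_id;
            return t;
        }
    return -1;
}

/* Completion timeout: naive frees the tag; assumed hardened policy parks it. */
static void on_timeout(struct requester *r, int tag) {
    r->state[tag] = r->quarantine_on_timeout ? TAG_QUARANTINED : TAG_FREE;
}

/* Completions are matched by tag alone. Returns the id of the request that
 * consumes the data, or 0 if the completion is dropped as unexpected. */
static unsigned on_completion(struct requester *r, int tag) {
    if (tag < 0 || tag >= NTAGS || r->state[tag] != TAG_OUTSTANDING) return 0;
    r->state[tag] = TAG_FREE;
    return r->req_id[tag];
}

/* Bulletin scenario: request 1 times out, request 2 is issued, then request
 * 1's delayed completion arrives. Returns which request consumes it. */
unsigned late_completion_consumer(bool quarantine) {
    struct requester r = { .quarantine_on_timeout = quarantine };
    int old_tag = issue(&r, 1);
    on_timeout(&r, old_tag);
    issue(&r, 2);
    return on_completion(&r, old_tag);
}

int main(void) {
    printf("naive: %u  quarantine: %u\n",
           late_completion_consumer(false), late_completion_consumer(true));
}
```

With immediate release, request 2 inherits the tag and consumes request 1's late completion; with the tag held back, the late completion matches no outstanding request and is dropped.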


3) State Issues (CVE-ID: CVE-2025-9614)

The vulnerability allows a local user to bypass implemented security restrictions. 

The vulnerability exists due to insufficient guidance on re-keying and stream flushing when rebinding a PCIe device to a new Trusted Domain Interface (TDI) as described in the PCI Express (PCIe) Base Specification. A local user can violate confidentiality or security objectives, leading to security restrictions bypass.


Remediation

Install the update from the vendor's website.