CVE-2025-9613

Summary

A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality.

Affected Software

VendorProductVersion RangeStatus
PCI-SIGPCI Express Integrity and Data Encryption (PCIe IDE) Specification0 < 7.1-Rev7.0affected
PCI-SIGPCI Express Integrity and Data Encryption (PCIe IDE) Specification0 < 6.5-Rev7.0affected

Weaknesses

  • CWE-459: Incomplete Cleanup

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References