CVE-2025-9614

Summary

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to unintended data access across trusted domains, compromising confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
PCI-SIGPCI Express Integrity and Data Encryption (PCIe IDE) Specification0 < 6.5-Rev7.0affected
PCI-SIGPCI Express Integrity and Data Encryption (PCIe IDE) Specification0 < 7.1-Rev7.0affected

Weaknesses

  • CWE-354: Improper Validation of Integrity Check Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References