CVE-2025-9613 | THREATINT

Description

A vulnerability was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completions being delivered to the wrong security context, potentially compromising data integrity and confidentiality.

PUBLISHED Reserved 2025-08-28 | Published 2025-12-09 | Updated 2025-12-10 | Assigner certcc

Problem types

CWE-459: Incomplete Cleanup

Product status

Any version before 7.1-Rev7.0

affected

Any version before 6.5-Rev7.0

affected

References

pcisig.com/specifications

pcisig.com/PCIeIDEStandardVulnerabilities

cve.org (CVE-2025-9613)

nvd.nist.gov (CVE-2025-9613)

Download JSON