Primary

Context

PCI Express Forbidden IDE Reordering Vulnerability

Vulnerability

A vulnerability exists in the PCI Express Integrity and Data Encryption (IDE) specification, specifically in versions 5.0 and later. The issue arises from inadequate guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness, potentially allowing encrypted packets to be replayed or reordered without detection. This flaw could enable local or physical attackers on the PCIe bus to disrupt data integrity protections.

Impact

Exploitation of this vulnerability could lead to a violation of data integrity protections, allowing for undetected reordering of IDE-protected packets.

Remediation

Users can review and implement PCI-SIG Engineering Change Notifications (ECN) related to this vulnerability. Instructions for accessing these documents are available on the PCI-SIG website.

Added: Dec 9, 2025, 10:10 PM

Updated: Dec 9, 2025, 10:10 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

2.9

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

2.9

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PCI Express Forbidden IDE Reordering Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating