PCI Express Vulnerability in Integrity and Data Encryption Specification Allowing Tag Aliasing and Misdelivery of Completions
Vulnerability
A vulnerability exists in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, specifically in versions 5.0 and later. The issue arises from inadequate guidance on tag reuse following completion timeouts, which may permit multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing can lead to completions being sent to the incorrect security context, potentially compromising data integrity and confidentiality.
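The aliasing described above, reduced to a toy requester tag table (an added example, not code or text from PCI-SIG or this advisory). The request ids, the `quarantine_on_timeout` policy and `stream_reset` are assumptions of the model, not the wording of the specification or the ECN.

```python
# Toy model of a requester's tag table (constructed for illustration, not spec text).
from dataclasses import dataclass, field

@dataclass
class Requester:
    quarantine_on_timeout: bool   # False: tag freed at timeout; True: assumed hardened policy
    num_tags: int = 1
    outstanding: dict = field(default_factory=dict)  # tag -> (security context, request id)
    quarantined: set = field(default_factory=set)
    next_id: int = 0              # model-only ground truth; not carried on the wire

    def issue(self, context):
        """Send a Non-Posted Request from `context`; return (tag, request id)."""
        for tag in range(self.num_tags):
            if tag not in self.outstanding and tag not in self.quarantined:
                self.next_id += 1
                self.outstanding[tag] = (context, self.next_id)
                return tag, self.next_id
        raise RuntimeError("no free tag")

    def completion_timeout(self, tag):
        """Give up on the request using `tag`; its completion may still be in flight."""
        del self.outstanding[tag]
        if self.quarantine_on_timeout:
            self.quarantined.add(tag)

    def stream_reset(self):
        """Hypothetical event after which no stale completion can arrive."""
        self.quarantined.clear()

    def receive_completion(self, tag, answers_id):
        """Match a completion by tag alone; report which context receives it."""
        if tag not in self.outstanding:
            return ("dropped", None)          # unexpected completion
        context, req_id = self.outstanding.pop(tag)
        return ("ok" if req_id == answers_id else "misdelivered", context)

def scenario(quarantine):
    """Context A times out, context B issues next, then A's late completion arrives."""
    r = Requester(quarantine_on_timeout=quarantine)
    tag_a, id_a = r.issue("context-A")
    r.completion_timeout(tag_a)
    try:
        tag_b, _ = r.issue("context-B")
    except RuntimeError:
        tag_b = None                          # B must wait: the only tag is quarantined
    return tag_b, r.receive_completion(tag_a, id_a)

if __name__ == "__main__":
    print("naive reuse:", scenario(False))
    print("quarantine :", scenario(True))
```

With immediate reuse the late completion for context A is accepted as the answer to context B's request; with the tag held back it is dropped as unexpected.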
Impact
The vulnerability can cause tag aliasing, allowing data completions to be misdirected to the wrong security contexts, which could corrupt data and violate confidentiality protections.
Remediation
Users can review and implement PCI-SIG Engineering Change Notifications (ECN) related to this vulnerability. Instructions for accessing these documents are available on the PCI-SIG website.
