Linux Kernel Adds PCIe Link Encryption Amid Disclosure of PCIe IDE Vulnerabilities
The Linux kernel is introducing support for PCI Express (PCIe) Link Encryption in version 6.19, a feature developed collaboratively by Intel, AMD, and Arm to enhance the security of cloud server infrastructure. This new capability leverages certificates and keys to encrypt data transmitted between CPUs and hardware components over PCIe, aiming to prevent unauthorized devices from intercepting sensitive information. The encryption protocol, known as Integrity and Data Encryption (IDE), is managed through a Trusted Execution Environment (TEE) Security Manager, providing an additional layer of protection for cloud providers against hardware-based attacks.
Concurrently, three significant vulnerabilities have been disclosed in the PCIe IDE protocol, affecting PCIe Base Specification Revision 5.0 and later. These flaws—CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614—could allow local attackers to reorder traffic, redirect completion timeouts, or inject stale data, potentially leading to information disclosure, privilege escalation, or denial of service. While these vulnerabilities require physical or low-level access to exploit, they highlight the ongoing challenges in securing PCIe communications, even as new encryption features are being integrated into major operating systems like Linux.
Timeline
Dec 11, 2025
PCI-SIG issues draft engineering change notice for future PCIe specs
In response to the specification-level weaknesses, PCI-SIG released a Draft Engineering Change Notice to address the IDE issues in future PCIe specifications. Existing hardware was still expected to rely on firmware-based mitigations from vendors.
Dec 10, 2025
Linux announces PCI Express Link Encryption support for kernel 6.19
The Linux kernel project announced support for PCI Express Link Encryption in version 6.19, a feature developed by Intel, AMD, and Arm to protect data between CPUs and PCIe devices. The design uses certificates and keys managed by a TEE Security Manager to authenticate devices and help prevent rogue hardware from intercepting PCIe traffic.
Dec 10, 2025
Intel and AMD publish advisories and urge firmware updates
Following disclosure, Intel and AMD issued advisories for affected products and told customers to install vendor firmware updates. The guidance focused on reducing risk in sensitive environments such as servers, data centers, and trusted execution deployments.
Dec 10, 2025
PCI-SIG and CERT/CC disclose PCIe IDE flaws and recommend mitigations
The three PCIe IDE vulnerabilities were publicly disclosed with guidance from PCI-SIG and CERT/CC. They recommended updating to the latest PCIe 6.0 standard and applying relevant errata, while noting the flaws require local or physical access rather than remote exploitation.
Dec 10, 2025
Intel researchers discover three PCIe IDE vulnerabilities
Intel researchers identified three flaws in the PCIe Integrity and Data Encryption protocol, later tracked as CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614. The issues affect PCIe Base Specification 5.0 and later and could let attackers with physical or low-level access compromise confidentiality, integrity, or availability.
Related Stories

Linux Kernel Research Highlights x86 Page-Fault Interrupt Handling Bug and Faster Page-Cache Side-Channel Attacks
Linux kernel security reporting highlighted two separate Linux-focused issues: a long-standing **x86 page-fault handling** logic flaw and newly optimized **page-cache side-channel** techniques. An Intel engineer (Cedric Xing) identified that, since 2020, parts of the x86 `do_page_fault()` path could leave **hardware interrupts** enabled in situations where the kernel’s logic assumed they were disabled, due to conflating address range (user vs. kernel) with execution context; a fix was merged into **Linux 6.19** with plans to backport to stable branches. Separately, researchers from Graz University of Technology described significantly faster Linux **page cache attacks**, reducing cache-flush time from ~149 ms to ~0.8 µs and enabling tighter attack loops (0.6–2.3 µs). The work describes potential impacts including more precise overlay/keylogging-style attacks, inter-keystroke timing inference, container/Docker file-activity insights, and user-activity inference in applications such as Discord and Firefox; reporting noted that only **CVE-2025-21691** has been remediated by the Linux kernel security team. A third item—Imagination Technologies’ GPU driver vulnerability bulletin—covers unrelated **GPU DDK** issues (information leak and UAF-class bugs) and does not pertain to the Linux kernel x86/page-cache topics.
1 month ago
TEE.Fail Side-Channel Attack Compromises Confidential Computing on DDR5 Systems
Academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack named **TEE.Fail** that enables the extraction of secrets from trusted execution environments (TEEs) in modern CPUs, including Intel's SGX and TDX, AMD's SEV-SNP, and even Nvidia's GPU Confidential Computing. The attack leverages a memory-bus interposition technique on DDR5 systems, using off-the-shelf equipment costing under $1,000, to physically intercept and analyze encrypted memory traffic. This method allows attackers with physical access and root privileges to extract cryptographic keys and forge attestation, undermining the security guarantees of confidential computing environments. TEE.Fail is the first attack demonstrated against DDR5-based TEEs, extending previous DDR4-focused research such as WireTap and BatteringRAM. The researchers found that architectural changes in recent server-grade CPUs, specifically the adoption of deterministic AES-XTS encryption without memory integrity and replay protections, have introduced exploitable weaknesses. The attack's success highlights significant risks for organizations relying on hardware-based confidential computing, as it enables the compromise of sensitive data and secure workloads even on fully updated, trusted systems.
1 month ago
Microsoft Discloses Linux Kernel Flaws in TEQL and USB CAN Drivers
Microsoft published security advisories for two Linux kernel vulnerabilities tracked as **`CVE-2026-23277`** and **`CVE-2026-23334`**. The first issue affects the networking stack, where **`net/sched: teql`** received a fix for a **NULL pointer dereference** in **`iptunnel_xmit`** during TEQL slave transmission, indicating a kernel-level flaw that could lead to instability or denial-of-service conditions. A second advisory, **`CVE-2026-23334`**, affects the CAN USB driver path, with a fix in **`can: usb: f81604`** to properly handle **short interrupt URB messages**. Together, the disclosures highlight separate low-level Linux kernel defects in networking and device-driver components that require patching through vendor security updates.
1 month ago