Linux Kernel Adds PCIe Link Encryption Amid Disclosure of PCIe IDE Vulnerabilities
The Linux kernel is introducing support for PCI Express (PCIe) Link Encryption in version 6.19, a feature developed collaboratively by Intel, AMD, and Arm to enhance the security of cloud server infrastructure. This new capability leverages certificates and keys to encrypt data transmitted between CPUs and hardware components over PCIe, aiming to prevent unauthorized devices from intercepting sensitive information. The encryption protocol, known as Integrity and Data Encryption (IDE), is managed through a Trusted Execution Environment (TEE) Security Manager, providing an additional layer of protection for cloud providers against hardware-based attacks.
Concurrently, three significant vulnerabilities have been disclosed in the PCIe IDE protocol, affecting PCIe Base Specification Revision 5.0 and later. These flaws—CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614—could allow local attackers to reorder traffic, redirect completion timeouts, or inject stale data, potentially leading to information disclosure, privilege escalation, or denial of service. While these vulnerabilities require physical or low-level access to exploit, they highlight the ongoing challenges in securing PCIe communications, even as new encryption features are being integrated into major operating systems like Linux.
Related Stories

Linux Kernel Research Highlights x86 Page-Fault Interrupt Handling Bug and Faster Page-Cache Side-Channel Attacks
Linux kernel security reporting highlighted two separate Linux-focused issues: a long-standing **x86 page-fault handling** logic flaw and newly optimized **page-cache side-channel** techniques. An Intel engineer (Cedric Xing) identified that, since 2020, parts of the x86 `do_page_fault()` path could leave **hardware interrupts** enabled in situations where the kernel’s logic assumed they were disabled, due to conflating address range (user vs. kernel) with execution context; a fix was merged into **Linux 6.19** with plans to backport to stable branches. Separately, researchers from Graz University of Technology described significantly faster Linux **page cache attacks**, reducing cache-flush time from ~149 ms to ~0.8 µs and enabling tighter attack loops (0.6–2.3 µs). The work describes potential impacts including more precise overlay/keylogging-style attacks, inter-keystroke timing inference, container/Docker file-activity insights, and user-activity inference in applications such as Discord and Firefox; reporting noted that only **CVE-2025-21691** has been remediated by the Linux kernel security team. A third item—Imagination Technologies’ GPU driver vulnerability bulletin—covers unrelated **GPU DDK** issues (information leak and UAF-class bugs) and does not pertain to the Linux kernel x86/page-cache topics.
1 month ago

TEE.Fail Side-Channel Attack Compromises Confidential Computing on DDR5 Systems
Academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack named **TEE.Fail** that enables the extraction of secrets from trusted execution environments (TEEs) in modern CPUs, including Intel's SGX and TDX, AMD's SEV-SNP, and even Nvidia's GPU Confidential Computing. The attack leverages a memory-bus interposition technique on DDR5 systems, using off-the-shelf equipment costing under $1,000, to physically intercept and analyze encrypted memory traffic. This method allows attackers with physical access and root privileges to extract cryptographic keys and forge attestation, undermining the security guarantees of confidential computing environments. TEE.Fail is the first attack demonstrated against DDR5-based TEEs, extending previous DDR4-focused research such as WireTap and BatteringRAM. The researchers found that architectural changes in recent server-grade CPUs, specifically the adoption of deterministic AES-XTS encryption without memory integrity and replay protections, have introduced exploitable weaknesses. The attack's success highlights significant risks for organizations relying on hardware-based confidential computing, as it enables the compromise of sensitive data and secure workloads even on fully updated, trusted systems.
4 months ago

Intel 700 Series Ethernet Driver Privilege Escalation Vulnerabilities (CVE-2025-24486 and CVE-2025-25273)
F5 published security advisories regarding two privilege escalation vulnerabilities affecting the Linux kernel-mode driver for Intel 700 Series Ethernet adapters, identified as CVE-2025-24486 and CVE-2025-25273. Both vulnerabilities could allow an authenticated local user to escalate privileges via improper input validation and insufficient control flow management, respectively, in driver versions prior to 2.28.5. F5 confirmed that none of its products are affected by either vulnerability after evaluating all currently supported releases. The advisories clarify that these issues do not impact F5 products, and no action is required for F5 customers. The company will not update the advisories further unless new information emerges. Customers are encouraged to review the security response policy and subscribe to notifications for future updates regarding F5 product security.
4 months ago