Pih006 Sub Patched (VALIDATED)

```powershell
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\PIH\006" -Name "SubPatchStatus"
```

A value of 1 means patched.

Some motherboard manufacturers embed the fix in a BIOS update. Reboot into your UEFI settings and look for an entry like "PIH006 Subsystem Patch Applied." Alternatively, use the fwupdmgr tool on Linux:

| Environment | Condition for Vulnerability |
| --- | --- |
| Linux Kernel 5.15+ | With pih-i2c module loaded and hardware revision B2 |
| Windows 11 22H2+ | Intel 12th/13th gen PCH with "Sub-PCIe" root port enabled |
| VMware ESXi 7.0 U3 | When using vSAN with specific Mellanox ConnectX-6 sub-functions |
| Custom ARM boards (e.g., Raspberry Pi CM4) | If running the pih006 monitoring daemon |

```powershell
# Where-Object needs a script block around the filter expression
Get-WmiObject Win32_PnPSignedDriver | Where-Object { $_.DeviceName -like "*PIH006*" }
```

You should see DriverVersion: 10.0.22621.2506 and a status field reading "Patched." For a quick registry check:

```bash
modinfo pih_sub | grep version
```

Look for a line containing version: 2.2.1.0 or higher. Additionally, check the sysfs flag:

For security teams, the takeaway is clear: regularly audit for `*sub*patched*` status flags in your asset management tooling. Tools like Qualys, Wazuh, and Microsoft Defender for Endpoint have already added detectors for "sub patched missing" as of their October 2024 rule updates.

The pih006 sub patched update represents a targeted, efficient fix for a dangerous race condition affecting many modern systems. While it introduces minor performance trade-offs on legacy hardware, the stability and data integrity benefits far outweigh the costs. By verifying the patch status using the commands above—and applying the sub-patch if missing—you can ensure your environment remains resilient against the underlying vulnerability.

If your system falls outside these categories, the patch may either be unnecessary or already integrated into a later cumulative update.

Verification differs by operating system. Below are the most reliable methods.

For Linux Systems

Run the following command to check kernel module versions: