The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://support.lenovo.com/us/en/product_security/LEN-15552 - Mitigation, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/101484 - Third Party Advisory, VDB Entry | |
References | () https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ - Issue Tracking, Third Party Advisory | |
References | () https://blog.cr.yp.to/20171105-infineon.html - | |
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf - | |
References | () https://crocs.fi.muni.cz/public/papers/rsa_ccs17 - Issue Tracking, Mitigation, Third Party Advisory | |
References | () https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ - Issue Tracking, Third Party Advisory | |
References | () https://github.com/crocs-muni/roca - Mitigation, Third Party Advisory | |
References | () https://github.com/iadgov/Detect-CVE-2017-15361-TPM - Mitigation, Third Party Advisory | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 - | |
References | () https://keychest.net/roca - Issue Tracking, Mitigation, Third Party Advisory | |
References | () https://monitor.certipath.com/rsatest - Mitigation, Third Party Advisory | |
References | () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20171024-0001/ - | |
References | () https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update - Issue Tracking, Mitigation, Patch, Third Party Advisory | |
References | () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us - | |
References | () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us - | |
References | () https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 - Mitigation, Vendor Advisory | |
References | () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html - | |
References | () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html - | |
References | () https://www.kb.cert.org/vuls/id/307015 - Issue Tracking, Mitigation, Third Party Advisory, US Government Resource | |
References | () https://www.yubico.com/support/security-advisories/ysa-2017-01/ - Mitigation, Third Party Advisory |
Information
Published : 2017-10-16 17:29
Updated : 2025-04-20 01:37
NVD link : CVE-2017-15361
Mitre link : CVE-2017-15361
CVE.ORG link : CVE-2017-15361
JSON object : View
Products Affected
acer
- chromebook_15_cb5-571
- chromebook_14_for_work_cp5-471
- chromebox_cxi2
- chromebook_11_c730
- chromebook_r13_cb5-312t
- chromebook_11_c740
- chromebase
- chromebase_24
- chromebook_14_cb3-431
- chromebook_11_c771
- chromebook_11_c735
- chromebook_11_n7_c731
- chromebook_r11
- chromebook_11_c730e
- chromebook_15_cb3-532
- chromebook_11_c771t
- chromebox
- chromebook_15_cb3-531
- chromebook_13_cb5-311
- c720_chromebook
dell
- chromebook_11_model_3180
- chromebook_11_3120
- chromebox
- chromebook_11
- chromebook_11_3189
- chromebook_13_3380
hp
- chromebook_11_g1
- chromebox_g1
- chromebook
- chromebook_11_1100-1199
- chromebook_14_x000-x999
- chromebook_11_2000-2099
- chromebook_11_g5
- chromebook_14_g4
- chromebook_11_2200-2299
- chromebook_14
- chromebook_11_g5_ee
- chromebook_13_g1
- chromebook_11_g3
- chromebook_14_g3
- chromebook_11_g4\/g4_ee
- chromebook_14_ak000-099
- chromebox_cb1-\(000-099\)
- chromebook_11_2100-2199
- chromebook_11-vxxx
- chromebook_11_g2
lenovo
- n22_chromebook
- thinkpad_13_chromebook
- thinkcentre_chromebox
- 100s_chromebook
- n23_flex_11_chromebook
- thinkpad_11e_chromebook
- n23_yoga_11_chromebook
- n42_chromebook
- n20_chromebook
- n23_chromebook
- n21_chromebook
edxis
- chromebook
- education_chromebook
true
- idc_chromebook
- idc_chromebook_11
samsung
- chromebook_2_11
- chromebook_plus
- chromebook_pro
- chromebook_2_11_xe500c12
- chromebook_2_13
- chromebook_3
poin2
- chromebook_14
- chromebook_11
haier
- chromebook_11e
- chromebook_11_c
- chromebook_11
- chromebook_11_g2
pcmerge
- chromebook_pcm-116t-432b
asus
- chromebit_cs10
- chromebox_cn60
- chromebook_c202sa
- chromebook_c301sa
- chromebook_c300sa
- chromebook_c300
- chromebook_c200
- chromebook_flip_c302
- chromebox_cn62
- chromebook_c201pa
- chromebook_flip_c100pa
medion
- chromebook_s2015
- akoya_s2013
prowise
- proline_chromebook
- entry_line_chromebook
aopen
- chromeboxi
- chromebase
- chromebox
hisense
- chromebook_11
ctl
- j2_chromebook
- j4_chromebook
- j5_chromebook
- nl61_chromebook
- n6_chromebook
mercer
- v2_chromebook
- chromebook
- pixel
hexa
- chromebook_pi
lg
- chromebase_22cv241
- chromebase_22cb25s
edugear
- chromebook_r
- chromebook_m
- cmt_chromebook
- chromebook_k
infineon
- rsa_library
- trusted_platform_firmware
rgs
- education_chromebook
senkatel
- c1101_chromebook
xolo
- chromebook
positivo
- chromebook_ch1190
ncomputing
- chromebook_cx100
toshiba
- chromebook
- chromebook_2
asi
- chromebook
bobicus
- chromebook_11
viglen
- chromebook_11
- chromebook_360
videonet
- chromebook
- chromebook_bl10
sector-five
- e1_rugged_chromebook
epik
- chromebook_elb1101
nexian
- chromebook
CWE