CVE-2017-15361
First published: Mon Oct 16 2017(Updated: )
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Infineon Trusted Platform Firmware | =4.31 | |
| Infineon Trusted Platform Firmware | =4.32 | |
| Infineon Trusted Platform Firmware | =6.40 | |
| Infineon Trusted Platform Firmware | =133.32 | |
| Acer C720 Chromebook | ||
| Acer Chromebase | ||
| Acer Chromebase 24 | ||
| Acer Chromebook 11 C730 | ||
| Acer Chromebook 11 C730e | ||
| Acer Chromebook 11 C735 | ||
| Acer Chromebook 11 C740 | ||
| Acer Chromebook 11 C771 | ||
| Acer Chromebook 11 C771t | ||
| Acer Chromebook 11 N7 C731 | ||
| Acer Chromebook 13 Cb5-311 | ||
| Acer Chromebook 14 Cb3-431 | ||
| Acer Chromebook 14 For Work Cp5-471 | ||
| Acer Chromebook 15 Cb3-531 | ||
| Acer Chromebook 15 Cb3-532 | ||
| Acer Chromebook 15 Cb5-571 | ||
| Acer Chromebook R11 | ||
| Acer Chromebook R13 Cb5-312t | ||
| Acer Chromebox | ||
| Acer Chromebox Cxi2 | ||
| Aopen Chromebase | ||
| Aopen Chromebase | ||
| Aopen Chromebox | ||
| Aopen Chromeboxi | ||
| Asi Chromebook | ||
| Asus Chromebit Cs10 | ||
| Asus Chromebook C200 | ||
| Asus Chromebook C201pa | ||
| Asus Chromebook C202sa | ||
| Asus Chromebook C300 | ||
| Asus Chromebook C300sa | ||
| Asus Chromebook C301sa | ||
| Asus Chromebook Flip C100pa | ||
| Asus Chromebook Flip C302 | ||
| Asus Chromebox Cn60 | ||
| Asus Chromebox Cn62 | ||
| Bobicus Chromebook 11 | ||
| Ctl J2 Chromebook | ||
| Ctl J4 Chromebook | ||
| Ctl J5 Chromebook | ||
| Ctl N6 Chromebook | ||
| Ctl Nl61 Chromebook | ||
| Dell Chromebook 11 | ||
| Dell Chromebook 11 3120 | ||
| Dell Chromebook 11 3189 | ||
| Dell Chromebook 11 Model 3180 | ||
| Dell Chromebook 13 3380 | ||
| Dell Chromebox | ||
| Edugear Chromebook K | ||
| Edugear Chromebook M | ||
| Edugear Chromebook R | ||
| Edugear Cmt Chromebook | ||
| Edxis Chromebook | ||
| Edxis Education Chromebook | ||
| Epik Chromebook Elb1101 | ||
| Google Pixel | ||
| Haier Chromebook 11 | ||
| Haier Chromebook 11 C | ||
| Haier Chromebook 11 G2 | ||
| Haier Chromebook 11e | ||
| Hexa Chromebook Pi | ||
| Hisense Chromebook 11 | ||
| Hp Chromebook | ||
| Hp Chromebook 11-vxxx | ||
| Hp Chromebook 11 1100-1199 | ||
| Hp Chromebook 11 2000-2099 | ||
| Hp Chromebook 11 2100-2199 | ||
| Hp Chromebook 11 2200-2299 | ||
| Hp Chromebook 11 G1 | ||
| Hp Chromebook 11 G2 | ||
| Hp Chromebook 11 G3 | ||
| Hp Chromebook 11 G4\/g4 Ee | ||
| Hp Chromebook 11 G5 | ||
| Hp Chromebook 11 G5 Ee | ||
| Hp Chromebook 13 G1 | ||
| Hp Chromebook 14 | ||
| Hp Chromebook 14 Ak000-099 | ||
| Hp Chromebook 14 G3 | ||
| Hp Chromebook 14 G4 | ||
| Hp Chromebook 14 X000-x999 | ||
| Hp Chromebox Cb1-\(000-099\) | ||
| Hp Chromebox G1 | ||
| Lenovo 100s Chromebook | ||
| Lenovo N20 Chromebook | ||
| Lenovo N21 Chromebook | ||
| Lenovo N22 Chromebook | ||
| Lenovo N23 Chromebook | ||
| Lenovo N23 Flex 11 Chromebook | ||
| Lenovo N23 Yoga 11 Chromebook | ||
| Lenovo N42 Chromebook | ||
| Lenovo Thinkcentre Chromebox | ||
| Lenovo Thinkpad 11e Chromebook | ||
| Lenovo Thinkpad 13 Chromebook | ||
| Lg Chromebase 22cb25s | ||
| Lg Chromebase 22cv241 | ||
| Medion Akoya S2013 | ||
| Medion Chromebook S2015 | ||
| Mercer Chromebook | ||
| Mercer V2 Chromebook | ||
| Ncomputing Chromebook Cx100 | ||
| Nexian Chromebook | ||
| Pcmerge Chromebook Pcm-116t-432b | ||
| Poin2 Chromebook 11 | ||
| Poin2 Chromebook 14 | ||
| Positivo Chromebook Ch1190 | ||
| Prowise Entry Line Chromebook | ||
| Prowise Proline Chromebook | ||
| Rgs Education Chromebook | ||
| Samsung Chromebook 2 11 | ||
| Samsung Chromebook 2 11 Xe500c12 | ||
| Samsung Chromebook 2 13 | ||
| Samsung Chromebook 3 | ||
| Samsung Chromebook Plus | ||
| Samsung Chromebook Pro | ||
| Sector-five E1 Rugged Chromebook | ||
| Senkatel C1101 Chromebook | ||
| Toshiba Chromebook | ||
| Toshiba Chromebook 2 | ||
| Toshiba Chromebook 2 | ||
| True Idc Chromebook | ||
| True Idc Chromebook 11 | ||
| Videonet Chromebook | ||
| Videonet Chromebook Bl10 | ||
| Viglen Chromebook 11 | ||
| Viglen Chromebook 360 | ||
| Xolo Chromebook | ||
| Infineon RSA library | <=1.02.013 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.lenovo.com/us/en/product_security/LEN-15552
- http://www.securityfocus.com/bid/101484
- https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
- https://blog.cr.yp.to/20171105-infineon.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf
- https://crocs.fi.muni.cz/public/papers/rsa_ccs17
- https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/
- https://github.com/crocs-muni/roca
- https://github.com/iadgov/Detect-CVE-2017-15361-TPM
- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01
- https://keychest.net/roca
- https://monitor.certipath.com/rsatest
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
- https://security.netapp.com/advisory/ntap-20171024-0001/
- https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us
- https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html
- https://www.kb.cert.org/vuls/id/307015
- https://www.yubico.com/support/security-advisories/ysa-2017-01/
Frequently Asked Questions
What is the severity of CVE-2017-15361?
The severity of CVE-2017-15361 is rated as medium with a score of 5.9.
How do I fix CVE-2017-15361?
To fix CVE-2017-15361, update to a patched version of the Infineon RSA library, ideally version 1.02.014 or higher.
Which Infineon Trusted Platform Module (TPM) firmware versions are affected by CVE-2017-15361?
CVE-2017-15361 affects Infineon Trusted Platform Module firmware versions before 0000000000000422 - 4.34, 000000000000062b - 6.43, and 0000000000008521 - 133.33.
What type of vulnerability is CVE-2017-15361?
CVE-2017-15361 is an RSA key generation mishandling vulnerability in the Infineon RSA library.
Who is affected by CVE-2017-15361?
Users of Infineon Trusted Platform Module firmware and devices using the Infineon RSA library are affected by CVE-2017-15361.
- collector/nvd-index
- vendor/infineon
- product/trusted platform firmware
- canonical/infineon trusted platform firmware
- vendor/acer
- product/c720 chromebook
- canonical/acer c720 chromebook
- product/chromebase
- canonical/acer chromebase
- product/chromebase 24
- canonical/acer chromebase 24
- product/chromebook 11 c730
- canonical/acer chromebook 11 c730
- product/chromebook 11 c730e
- canonical/acer chromebook 11 c730e
- product/chromebook 11 c735
- canonical/acer chromebook 11 c735
- product/chromebook 11 c740
- canonical/acer chromebook 11 c740
- product/chromebook 11 c771
- canonical/acer chromebook 11 c771
- product/chromebook 11 c771t
- canonical/acer chromebook 11 c771t
- product/chromebook 11 n7 c731
- canonical/acer chromebook 11 n7 c731
- product/chromebook 13 cb5-311
- canonical/acer chromebook 13 cb5-311
- product/chromebook 14 cb3-431
- canonical/acer chromebook 14 cb3-431
- product/chromebook 14 for work cp5-471
- canonical/acer chromebook 14 for work cp5-471
- product/chromebook 15 cb3-531
- canonical/acer chromebook 15 cb3-531
- product/chromebook 15 cb3-532
- canonical/acer chromebook 15 cb3-532
- product/chromebook 15 cb5-571
- canonical/acer chromebook 15 cb5-571
- product/chromebook r11
- canonical/acer chromebook r11
- product/chromebook r13 cb5-312t
- canonical/acer chromebook r13 cb5-312t
- product/chromebox
- canonical/acer chromebox
- product/chromebox cxi2
- canonical/acer chromebox cxi2
- vendor/aopen
- canonical/aopen chromebase
- canonical/aopen chromebox
- product/chromeboxi
- canonical/aopen chromeboxi
- vendor/asi
- product/chromebook
- canonical/asi chromebook
- vendor/asus
- product/chromebit cs10
- canonical/asus chromebit cs10
- product/chromebook c200
- canonical/asus chromebook c200
- product/chromebook c201pa
- canonical/asus chromebook c201pa
- product/chromebook c202sa
- canonical/asus chromebook c202sa
- product/chromebook c300
- canonical/asus chromebook c300
- product/chromebook c300sa
- canonical/asus chromebook c300sa
- product/chromebook c301sa
- canonical/asus chromebook c301sa
- product/chromebook flip c100pa
- canonical/asus chromebook flip c100pa
- product/chromebook flip c302
- canonical/asus chromebook flip c302
- product/chromebox cn60
- canonical/asus chromebox cn60
- product/chromebox cn62
- canonical/asus chromebox cn62
- vendor/bobicus
- product/chromebook 11
- canonical/bobicus chromebook 11
- vendor/ctl
- product/j2 chromebook
- canonical/ctl j2 chromebook
- product/j4 chromebook
- canonical/ctl j4 chromebook
- product/j5 chromebook
- canonical/ctl j5 chromebook
- product/n6 chromebook
- canonical/ctl n6 chromebook
- product/nl61 chromebook
- canonical/ctl nl61 chromebook
- vendor/dell
- canonical/dell chromebook 11
- product/chromebook 11 3120
- canonical/dell chromebook 11 3120
- product/chromebook 11 3189
- canonical/dell chromebook 11 3189
- product/chromebook 11 model 3180
- canonical/dell chromebook 11 model 3180
- product/chromebook 13 3380
- canonical/dell chromebook 13 3380
- canonical/dell chromebox
- vendor/edugear
- product/chromebook k
- canonical/edugear chromebook k
- product/chromebook m
- canonical/edugear chromebook m
- product/chromebook r
- canonical/edugear chromebook r
- product/cmt chromebook
- canonical/edugear cmt chromebook
- vendor/edxis
- canonical/edxis chromebook
- product/education chromebook
- canonical/edxis education chromebook
- vendor/epik
- product/chromebook elb1101
- canonical/epik chromebook elb1101
- vendor/google
- product/pixel
- canonical/google pixel
- vendor/haier
- canonical/haier chromebook 11
- product/chromebook 11 c
- canonical/haier chromebook 11 c
- product/chromebook 11 g2
- canonical/haier chromebook 11 g2
- product/chromebook 11e
- canonical/haier chromebook 11e
- vendor/hexa
- product/chromebook pi
- canonical/hexa chromebook pi
- vendor/hisense
- canonical/hisense chromebook 11
- vendor/hp
- canonical/hp chromebook
- product/chromebook 11-vxxx
- canonical/hp chromebook 11-vxxx
- product/chromebook 11 1100-1199
- canonical/hp chromebook 11 1100-1199
- product/chromebook 11 2000-2099
- canonical/hp chromebook 11 2000-2099
- product/chromebook 11 2100-2199
- canonical/hp chromebook 11 2100-2199
- product/chromebook 11 2200-2299
- canonical/hp chromebook 11 2200-2299
- product/chromebook 11 g1
- canonical/hp chromebook 11 g1
- canonical/hp chromebook 11 g2
- product/chromebook 11 g3
- canonical/hp chromebook 11 g3
- product/chromebook 11 g4\/g4 ee
- canonical/hp chromebook 11 g4\/g4 ee
- product/chromebook 11 g5
- canonical/hp chromebook 11 g5
- product/chromebook 11 g5 ee
- canonical/hp chromebook 11 g5 ee
- product/chromebook 13 g1
- canonical/hp chromebook 13 g1
- product/chromebook 14
- canonical/hp chromebook 14
- product/chromebook 14 ak000-099
- canonical/hp chromebook 14 ak000-099
- product/chromebook 14 g3
- canonical/hp chromebook 14 g3
- product/chromebook 14 g4
- canonical/hp chromebook 14 g4
- product/chromebook 14 x000-x999
- canonical/hp chromebook 14 x000-x999
- product/chromebox cb1-\(000-099\)
- canonical/hp chromebox cb1-\(000-099\)
- product/chromebox g1
- canonical/hp chromebox g1
- vendor/lenovo
- product/100s chromebook
- canonical/lenovo 100s chromebook
- product/n20 chromebook
- canonical/lenovo n20 chromebook
- product/n21 chromebook
- canonical/lenovo n21 chromebook
- product/n22 chromebook
- canonical/lenovo n22 chromebook
- product/n23 chromebook
- canonical/lenovo n23 chromebook
- product/n23 flex 11 chromebook
- canonical/lenovo n23 flex 11 chromebook
- product/n23 yoga 11 chromebook
- canonical/lenovo n23 yoga 11 chromebook
- product/n42 chromebook
- canonical/lenovo n42 chromebook
- product/thinkcentre chromebox
- canonical/lenovo thinkcentre chromebox
- product/thinkpad 11e chromebook
- canonical/lenovo thinkpad 11e chromebook
- product/thinkpad 13 chromebook
- canonical/lenovo thinkpad 13 chromebook
- vendor/lg
- product/chromebase 22cb25s
- canonical/lg chromebase 22cb25s
- product/chromebase 22cv241
- canonical/lg chromebase 22cv241
- vendor/medion
- product/akoya s2013
- canonical/medion akoya s2013
- product/chromebook s2015
- canonical/medion chromebook s2015
- vendor/mercer
- canonical/mercer chromebook
- product/v2 chromebook
- canonical/mercer v2 chromebook
- vendor/ncomputing
- product/chromebook cx100
- canonical/ncomputing chromebook cx100
- vendor/nexian
- canonical/nexian chromebook
- vendor/pcmerge
- product/chromebook pcm-116t-432b
- canonical/pcmerge chromebook pcm-116t-432b
- vendor/poin2
- canonical/poin2 chromebook 11
- canonical/poin2 chromebook 14
- vendor/positivo
- product/chromebook ch1190
- canonical/positivo chromebook ch1190
- vendor/prowise
- product/entry line chromebook
- canonical/prowise entry line chromebook
- product/proline chromebook
- canonical/prowise proline chromebook
- vendor/rgs
- canonical/rgs education chromebook
- vendor/samsung
- product/chromebook 2 11
- canonical/samsung chromebook 2 11
- product/chromebook 2 11 xe500c12
- canonical/samsung chromebook 2 11 xe500c12
- product/chromebook 2 13
- canonical/samsung chromebook 2 13
- product/chromebook 3
- canonical/samsung chromebook 3
- product/chromebook plus
- canonical/samsung chromebook plus
- product/chromebook pro
- canonical/samsung chromebook pro
- vendor/sector-five
- product/e1 rugged chromebook
- canonical/sector-five e1 rugged chromebook
- vendor/senkatel
- product/c1101 chromebook
- canonical/senkatel c1101 chromebook
- vendor/toshiba
- canonical/toshiba chromebook
- product/chromebook 2
- canonical/toshiba chromebook 2
- vendor/true
- product/idc chromebook
- canonical/true idc chromebook
- product/idc chromebook 11
- canonical/true idc chromebook 11
- vendor/videonet
- canonical/videonet chromebook
- product/chromebook bl10
- canonical/videonet chromebook bl10
- vendor/viglen
- canonical/viglen chromebook 11
- product/chromebook 360
- canonical/viglen chromebook 360
- vendor/xolo
- canonical/xolo chromebook
- product/rsa library
- canonical/infineon rsa library