CVE-2017-15361

Published Oct 16, 2017
·
Updated

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

Affected Software

131 affected components
Infineon Trusted Platform Firmware=4.31
Infineon Trusted Platform Firmware=4.32
Infineon Trusted Platform Firmware=6.40
Infineon Trusted Platform Firmware=133.32
Acer C720 Chromebook
Acer Chromebase
Acer Chromebase 24
Acer Chromebook 11 C730
Acer Chromebook 11 C730e
Acer Chromebook 11 C735
Acer Chromebook 11 C740
Acer Chromebook 11 C771
Acer Chromebook 11 C771t
Acer Chromebook 11 N7 C731
Acer Chromebook 13 Cb5-311
Acer Chromebook 14 Cb3-431
Acer Chromebook 14 For Work Cp5-471
Acer Chromebook 15 Cb3-531
Acer Chromebook 15 Cb3-532
Acer Chromebook 15 Cb5-571
Acer Chromebook R11
Acer Chromebook R13 Cb5-312t
Acer Chromebox
Acer Chromebox Cxi2
Aopen Chromebase
Aopen Chromebase
Aopen Chromebox
Aopen Chromeboxi
asi Chromebook
ASUS Chromebit Cs10
ASUS Chromebook C200
ASUS Chromebook C201pa
ASUS Chromebook C202sa
ASUS Chromebook C300
ASUS Chromebook C300sa
ASUS Chromebook C301sa
ASUS Chromebook Flip C100pa
ASUS Chromebook Flip C302
ASUS Chromebox Cn60
ASUS Chromebox Cn62
Bobicus Chromebook 11
Ctl J2 Chromebook Education
Ctl J4 Chromebook Education
Ctl J5 Chromebook
Ctl N6 Chromebook Education
Ctl Nl61 Chromebook
Dell Chromebook 11
Dell Chromebook 11 3120
Dell Chromebook 11 3189
Dell Chromebook 11 Model 3180
Dell Chromebook 13 3380
Dell Chromebox
Edugear Chromebook K
Edugear Chromebook M
Edugear Chromebook R
Edugear Cmt Chromebook
Edxis Chromebook
Edxis Education Chromebook
Epik Chromebook Elb1101
Google Pixel
Haier Chromebook 11
Haier Chromebook 11 C
Haier Chromebook 11 G2
Haier Chromebook 11e
Hexa Chromebook Pi
Hisense Chromebook 11
HP Chromebook Meetings
HP Chromebook 11-vxxx
HP Chromebook 11 1100-1199
HP Chromebook 11 2000-2099
HP Chromebook 11 2100-2199
HP Chromebook 11 2200-2299
HP Chromebook 11 G1
HP Chromebook 11 G2
HP Chromebook 11 G3
HP Chromebook 11 G4\/g4 Ee
HP Chromebook 11 G5
HP Chromebook 11 G5 Ee
HP Chromebook 13 G1
HP Chromebook 14
HP Chromebook 14 Ak000-099
HP Chromebook 14 G3
HP Chromebook 14 G4
HP Chromebook 14 X000-x999
HP Chromebox Cb1-\(000-099\)
HP Chromebox G1
Lenovo 100s Chromebook
Lenovo N20 Chromebook
Lenovo N21 Chromebook
Lenovo N22 Chromebook
Lenovo N23 Chromebook
Lenovo N23 Flex 11 Chromebook
Lenovo N23 Yoga 11 Chromebook
Lenovo N42 Chromebook
Lenovo Thinkcentre Chromebox
Lenovo Thinkpad 11e Chromebook
Lenovo Thinkpad 13 Chromebook
LG Chromebase 22cb25s
LG Chromebase 22cv241
MEDION Akoya S2013
MEDION Chromebook S2015
Mercer Chromebook
Mercer V2 Chromebook
NComputing Chromebook Cx100
Nexian Chromebook
Pcmerge Chromebook Pcm-116t-432b
Poin2 Chromebook 11
Poin2 Chromebook 14
Positivo Chromebook Ch1190
Prowise Entry Line Chromebook
Prowise Proline Chromebook
Rgs Education Chromebook
Samsung Chromebook 2 11
Samsung Chromebook 2 11 Xe500c12
Samsung Chromebook 2 13
Samsung Chromebook 3
Samsung Chromebook Plus
Samsung Chromebook Pro
Sector-five E1 Rugged Chromebook
Senkatel C1101 Chromebook
Toshiba Chromebook
Toshiba Chromebook 2
Toshiba Chromebook 2
True Idc Chromebook
True Idc Chromebook 11
Videonet Chromebook
Videonet Chromebook Bl10
Viglen Chromebook 11
Viglen Chromebook 360
XOLO Chromebook
Infineon RSA library<=1.02.013

Remediation

Patch Available

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012

Patch Available

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

Event History

Oct 16, 2017
CVE Published
via MITRE·05:00 PM
Data Sourced
via MITRE·05:00 PM
Description
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2017-15361?

The severity of CVE-2017-15361 is rated as medium with a score of 5.9.

2

How do I fix CVE-2017-15361?

To fix CVE-2017-15361, update to a patched version of the Infineon RSA library, ideally version 1.02.014 or higher.

3

Which Infineon Trusted Platform Module (TPM) firmware versions are affected by CVE-2017-15361?

CVE-2017-15361 affects Infineon Trusted Platform Module firmware versions before 0000000000000422 - 4.34, 000000000000062b - 6.43, and 0000000000008521 - 133.33.

4

What type of vulnerability is CVE-2017-15361?

CVE-2017-15361 is an RSA key generation mishandling vulnerability in the Infineon RSA library.

5

Who is affected by CVE-2017-15361?

Users of Infineon Trusted Platform Module firmware and devices using the Infineon RSA library are affected by CVE-2017-15361.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203