Medium severity5.9NVD Advisory· Published Oct 16, 2017· Updated May 13, 2026

CVE-2017-15361

Description

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

Affected products

Infineon/Rsa Library
cpe:2.3:a:infineon:rsa_library:*:*:*:*:*:*:*:*
Range: <=1.02.013
Infineon/Trusted Platform Firmware4 versions
cpe:2.3:o:infineon:trusted_platform_firmware:133.32:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:infineon:trusted_platform_firmware:133.32:*:*:*:*:*:*:*
- cpe:2.3:o:infineon:trusted_platform_firmware:4.31:*:*:*:*:*:*:*
- cpe:2.3:o:infineon:trusted_platform_firmware:4.32:*:*:*:*:*:*:*
- cpe:2.3:o:infineon:trusted_platform_firmware:6.40:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012nvdIssue TrackingPatchThird Party Advisory
sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_updatenvdIssue TrackingMitigationPatchThird Party Advisory
support.lenovo.com/us/en/product_security/LEN-15552nvdMitigationThird Party Advisory
www.securityfocus.com/bid/101484nvdThird Party AdvisoryVDB Entry
arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/nvdIssue TrackingThird Party Advisory
crocs.fi.muni.cz/public/papers/rsa_ccs17nvdIssue TrackingMitigationThird Party Advisory
dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/nvdIssue TrackingThird Party Advisory
keychest.net/rocanvdIssue TrackingMitigationThird Party Advisory
monitor.certipath.com/rsatestnvdMitigationThird Party Advisory
www.infineon.com/cms/en/product/promopages/tpm-update/nvdMitigationVendor Advisory
www.kb.cert.org/vuls/id/307015nvdIssue TrackingMitigationThird Party AdvisoryUS Government Resource
www.yubico.com/support/security-advisories/ysa-2017-01/nvdMitigationThird Party Advisory
blog.cr.yp.to/20171105-infineon.htmlnvd
cert-portal.siemens.com/productcert/pdf/ssa-470231.pdfnvd
ics-cert.us-cert.gov/advisories/ICSA-18-058-01nvd
security.netapp.com/advisory/ntap-20171024-0001/nvd
support.hpe.com/hpsc/doc/public/displaynvd
support.hpe.com/hpsc/doc/public/displaynvd
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.htmlnvd
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.059
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000