PT-2017-3914 · Yubico+3 · Yubikey 4+3
Dusan Klinec +4 · Published 2017-10-10 · Updated 2019-10-03 · CVE-2017-15361
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Infineon Trusted Platform Module (TPM) firmware versions prior to 0000000000000422 - 4.34
Infineon Trusted Platform Module (TPM) firmware versions prior to 000000000000062b - 6.43
Infineon Trusted Platform Module (TPM) firmware versions prior to 0000000000008521 - 133.33
YubiKey 4 versions prior to 4.3.5
Description
The issue is related to the mishandling of RSA key generation in the Infineon RSA library, making it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks. This can be exploited by a remote attacker to reveal the secret part of a key. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Recommendations
For Infineon Trusted Platform Module (TPM) firmware versions prior to 0000000000000422 - 4.34, update to a version after 0000000000000422 - 4.34.
For Infineon Trusted Platform Module (TPM) firmware versions prior to 000000000000062b - 6.43, update to a version after 000000000000062b - 6.43.
For Infineon Trusted Platform Module (TPM) firmware versions prior to 0000000000008521 - 133.33, update to a version after 0000000000008521 - 133.33.
For YubiKey 4 versions prior to 4.3.5, update to version 4.3.5 or later.
Affected Products
BitLocker
Chrome OS
Infineon Trusted Platform Module
YubiKey 4