This firmware update (V3.1.0) from IBM provides UEFI, XCC, RAID controller, and HDD software fixes and enhancements for QRadar® M6 appliances. The firmware can be used on all QRadar M6 appliances, but the administrator must configure the XClarity Controller (XCC) for remote management.
Part 1: About the M6 firmware V3.1.0 update
The M6 firmware V3.1.0 ISO is intended to remotely update software through the XClarity Controller (XCC) user interface. Administrators must extract the EXE file and apply the .uxz file to update their XClarity Controller, then the ISO can be mounted to apply the remainder of the firmware updates. The installation instructions are provided on the tab named 'Part 2. Installing Firmware Updates'. These instructions guide customers through a remote upgrade of their firmware. If you are local to your appliances or have issues with your XClarity configuration, you can use the USB installation instructions for on-premise updates. For more information, see: M6 3.1.0 USB on-premise updates.
Important: If your appliance is in an HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
Supported appliances, types, and model information
This firmware update applies to the following IBM Security QRadar M6 (1U and 2U form factor) appliance types:
Appliance and machine type models (MTM):
- IBM QRadar Network Insights Appliance 1901 G2 (4563-F8Y)
- IBM QRadar Network Insights Appliance 1910 G2 (4563-F7Y)
- IBM QRadar Network Insights Appliance 1920 G2 (4563-F5F)
- IBM QRadar Core Appliance XX29 G2 (4563-Q4A)
- IBM QRadar Core Appliance XX48 G2 (4563-Q5B)
- IBM QRadar Core Appliance XX05 G4 (4563-Q3E)
- IBM QRadar Incident Forensics Appliance G4 (4563-F3A)
- IBM QRadar Event/QFlow Collector Appliance 1501/1201 G4 (4563-Q5D)
- IBM QRadar Network Packet Capture Appliance G2 (4563-F3C)
Server machine type:
- SR630 / M6 1U
- SR650 / M6 2U
Important information and prerequisites in this firmware update
|Component||Prerequisite version||Firmware version in this update||File name|
|UEFI/BIOS||ive126o-1.41 or later||ive164l-2.80||lnvgy_fw_uefi_ive164l-2.80_anyos_32-64.uxz|
|PCi and LOM adapters||None||7.21-4.11-1.2585.0||intc-lnvgy_fw_nic_net-7.21-4.11-1.2585.0-all-04_linux_x86-64.bin|
Note: PCi and LOM versions are the same as the M6 V1.1.0 release, no changes in firmware V2.0.0.
- A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the latest firmware version that is available for your drive.
- The base system pack might contain other firmware packages that are not present in QRadar appliances. When the tool compares available firmware to the hardware in the appliance, firmware updates from the base system pack can be listed and displayed with a status of "undetected".
- For general firmware questions and information see our FAQ page at http://ibm.biz/qradarfirmware.
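
The following pre-flight check against the UEFI/BIOS row of the prerequisites table is an added example, not IBM or Lenovo tooling. It assumes firmware levels are written as `<build id>-<version>`, that versions compare numerically part by part, and that .uxz names follow the pattern of the two file names on this page; the host names and the 1.20 level are constructed sample data.

```python
import re

# Values copied from the prerequisites table on this page.
UEFI_PREREQ = "ive126o-1.41"
UEFI_PACKAGE = "lnvgy_fw_uefi_ive164l-2.80_anyos_32-64.uxz"

_LEVEL = re.compile(r"^(?P<build>[a-z0-9]+)-(?P<ver>\d+(?:\.\d+)*)$")
# Assumed naming, inferred from the two .uxz file names on this page:
# <prefix>_fw_<component>_<build>-<version>_<os>_<arch>.uxz
_UXZ = re.compile(
    r"^[a-z]+_fw_(?P<comp>[a-z]+)_(?P<level>[a-z0-9]+-[\d.]+)_.+\.uxz$")


def parse_level(level):
    """Split 'ive164l-2.80' into ('ive164l', (2, 80))."""
    m = _LEVEL.match(level.strip().lower())
    if not m:
        raise ValueError(f"unrecognised firmware level: {level!r}")
    return m["build"], tuple(int(p) for p in m["ver"].split("."))


def package_level(filename):
    """Return (component, level) taken from a .uxz package file name."""
    m = _UXZ.match(filename.strip().lower())
    if not m:
        raise ValueError(f"not a recognised .uxz name: {filename!r}")
    return m["comp"], m["level"]


def preflight(installed, prereq=UEFI_PREREQ, package=UEFI_PACKAGE):
    """Classify an installed level against the prerequisite and the package."""
    _, have = parse_level(installed)
    _, need = parse_level(prereq)
    ships_level = package_level(package)[1]
    _, ships = parse_level(ships_level)
    if have < need:
        return "BLOCKED: below prerequisite " + prereq
    if have < ships:
        return "UPDATE: package installs " + ships_level
    return "CURRENT: at or above package level"


if __name__ == "__main__":
    # Constructed sample inventory: host name -> installed UEFI level.
    inventory = {"qradar-ep01": "ive120g-1.20",
                 "qradar-ec02": "ive126o-1.41",
                 "qradar-con03": "ive164l-2.80"}
    for host, level in inventory.items():
        print(f"{host:14} {level:14} {preflight(level)}")
```

The NIC package on this page is a .bin file with a different naming scheme, so `package_level` rejects it rather than guessing a version from it.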
Security issues resolved in this firmware update
This table defines the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.
|Component||File name||CVEs resolved in this package|
|UEFI/BIOS||lnvgy_fw_uefi_ive164l-2.80_anyos_32-64.uxz||CVE-2020-8696, CVE-2020-8755, CVE-2020-8705, CVE-2020-0587, CVE-2020-0591, CVE-2020-0592, and
|XCC||oem_fw_xcc_cdo364m-5.40_anyos_noarch.uxz||CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2016-6153, CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738, CVE-2017-5130, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2017-10989, CVE-2017-12799, CVE-2017-12967, CVE-2017-13710, CVE-2017-14129, CVE-2017-14130, CVE-2017-14333, CVE-2017-14529, CVE-2017-14930, CVE-2017-14932, CVE-2017-14933, CVE-2017-14934, CVE-2017-14938, CVE-2017-14939, CVE-2017-14940, CVE-2017-14974, CVE-2017-15020, CVE-2017-15021, CVE-2017-15022, CVE-2017-15023, CVE-2017-15024, CVE-2017-15025, CVE-2017-15225, CVE-2017-15938, CVE-2017-15939, CVE-2017-15996, CVE-2017-16544, CVE-2017-16931, CVE-2017-16932, CVE-2017-17484, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-1000494, CVE-2018-6872, CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122|
|PCi and LOM adapters||intc-lnvgy_fw_nic_net-7.21-4.11-1.2585.0-all-04_linux_x86-64.bin||None|
Table 3: Security issues resolved in the M6 firmware update V3.1.0. For all changes, see the .CHG files associated with this firmware bundle.
A. Before you begin
- This installation method uses the hardware's integrated XCC interface to remotely update firmware.
- If your appliances are in an HA pair, you must prepare your high-availability appliances by using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
- A number of hard disk drives can be installed in this appliance. The HDD update tool examines the hard disk drives that are present and selects the most current firmware level that is available.
B. Downloading and extracting the firmware update
- Download the QRadar M6 appliance firmware from IBM Fix Central.
Note: Administrators can select either download link as the firmware download is identical for all QRadar versions.
- Copy the M6 appliance firmware EXE to a directory on the Windows host.
- Double-click the file Qradar_EXE_M6_1U_SR630_7X02_2U_SR650_7X06_3_1_0.exe.
- Select or type a directory path for the firmware update and click Extract.
- The following files are extracted from the EXE file.
C. Updating the XCC firmware
- Log in to the XClarity interface on your QRadar M6 appliance.
- From the navigation sidebar, click Firmware Update.
- Click Update Firmware.
- Click Select File and choose the XClarity (XCC) firmware update oem_fw_xcc_cdo364m-5.40_anyos_noarch.uxz.
- Click Next to upload and verify the XCC firmware file.
- Select the BMC (Primary) check box and click Next.
Important: The backup firmware bank is automatically updated. Administrators should ensure the BMC (Backup) check box is cleared (not selected). Administrators who select both check boxes must reinstall their firmware to ensure the primary bank updates properly.
- Wait for the update to the primary firmware banks to complete.
- Click Restart BMC and clear your browser cache.
Wait 5 minutes for the XCC interface to restart, then log in. Continue to the next section to mount the firmware ISO and configure the boot options.
D. Mounting the M6 Firmware ISO
- From the OEM Controller menu, click Remote Console.
- Click Remote Console Preview.
IMPORTANT: Confirm the following parameters:
2a. Launch the session in Single User Mode.
2b. Clear the Allow others to request my remote session disconnect check box. It is important that other administrators do not force or take your session.
2c. Click Launch Remote Console to connect to the appliance.
- To open the file mount options, click Diagnostic > Media.
IMPORTANT: Confirm the following parameters:
3a. Verify the First Boot Device is set to CD/DVD Rom.
3b. Verify the Boot Mode drop-down is set as Legacy Mode.
- Click Mount Local Media, and click Activate.
- Click Browse and select Qradar_ISO_M6_1U_SR630_7X02_2U_SR650_7X06_3_1_0.iso.
- Click Mount all local media. If successful, a check mark appears next to the uploaded ISO file.
- From the OEM Controller menu, click OS Installation.
- Select Power > Boot Server to System Startup.
- Wait for the setup menu to display.
- From the navigation menu, click UEFI Setup.
- Click Start Options, then CD/DVD Rom.
- In the Update Settings menu, verify all check boxes are clear (not selected) and click Next.
- From the Update Comparison menu, click Begin.
- The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
- Review the list of updates.
Important: In the next step, administrators should confirm that all recommended updates are selected, with the exception of the Lenovo/XClarity Controller (XCC), because this firmware was updated manually by the administrator in previous steps.
- Verify the check box for Lenovo/XClarity Controller (XCC) is clear (not selected) and click Next.
- Wait for the firmware updates to load.
- Click Begin Update to install the firmware.
NOTE: Administrators might be prompted with a confirmation dialogue and need to click Next to continue.
- Verify that all updates complete successfully and click Next.
- If you experienced any errors, click Save Log. After a successful installation, click Finish to exit.
- The appliance must reboot to complete the firmware installation.
- Log in to the XClarity interface and connect to the appliance using the Remote Console.
- Click Diagnostic > Media and unmount the ISO file.
After the ISO file is unmounted, the administrator can log out and complete this procedure on other QRadar appliances. If you experience any installation issues, you can contact QRadar Support for assistance and open a software support case for your appliance. The support representative can request the firmware logs for review to determine the root cause of the issue or if replacement hardware is required. If the issue is hardware related, the support representative can change the case type and involve the proper teams to schedule replacement parts.
01 April 2021