NI Security Update for Intel® CPU Vulnerabilities

Overview

Potential security vulnerabilities in Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL may allow escalation of privilege, denial of service or information disclosure described in CVE-2019-11090, CVE-2019-11088, CVE-2019-0165, CVE-2019-0166, CVE-2019-0168, CVE-2019-0169, CVE-2019-11086, CVE-2019-11087, CVE-2019-11101, CVE-2019-11100, CVE-2019-11102, CVE-2019-11103, CVE-2019-11104, CVE-2019-11105, CVE-2019-11106, CVE-2019-11107, CVE-2019-11108, CVE-2019-11110, CVE-2019-11097, CVE-2019-0131, CVE-2019-11109, CVE-2019-11131, CVE-2019-11132, CVE-2019-11147.

 

For more information, refer to NI Security Update for Microarchitectural Data Sampling Vulnerabilities.

Contents

Mitigation Guidance

Depending on the controller you are using, you may need to perform one or both of the following steps:

  1. Apply the BIOS update provided by NI for your controller.
  2. Apply the CSME firmware update.

Affected Products

Affected PXI/PXI Express Controllers

Controller Model

BIOS/Firmware Download

PXIe-8861

1) BIOS: 19.5.1f0

2) Minimum version of Fixed Firmware: 11.8.70

    MEUpdate: NI_ME_11.8.71.3630_USB.zip

Affected CompactDAQ/CompactRIO/Vision/OEM Controllers

Controller Model

BIOS/Firmware Download

cRIO-904x

Contact NI

cRIO-904x TPM

Contact NI

USRP-2974

1) BIOS: 1.0.4f0

2) Minimum version of Fixed Firmware: 11.8.70

    MEUpdate: NI_ME_11.8.71.3630_USB.zip