PT-2024-2451 · Xz Utils +3

Andres Freund

·

Published

2024-03-29

·

Updated

2026-06-04

·

CVE-2024-3094

CVSS v3.1

10

Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: XZ Utils versions 5.6.0 and 5.6.1 (upstream release tarballs)
Description: Malicious code was discovered in the upstream release tarballs of XZ Utils 5.6.0 and 5.6.1; the trigger lived in a build script shipped only in the tarballs, not in the git repository. Through a chain of obfuscated build-time steps, the liblzma build process extracts a prebuilt object file from a disguised test file in the source tree and links it into liblzma, modifying specific functions within the library. The injected code registers an IFUNC (GNU indirect function) resolver, which the dynamic linker runs at load time, and uses it to hook RSA_public_decrypt() so that OpenSSH public-key authentication in sshd passes through attacker-controlled code. sshd is reachable because distributions such as Debian and Fedora patch it to link libsystemd, which in turn loads liblzma. A remote attacker holding the private key matching the key embedded in the backdoor can then send a payload in the SSH authentication exchange that the hook executes as root, without valid credentials; this is a supply chain compromise yielding remote code execution with root-level privileges. The attack specifically targets x86-64 Linux systems built with GCC and the GNU linker. The backdoor was introduced by a maintainer persona who spent years building trust within the project before obtaining commit and release access.
Recommendations: Downgrade to XZ Utils version 5.4.6 or earlier, or install the rebuilt package your distribution issued for this advisory, and remove all traces of the compromised versions. Check the installed version with xz --version, and check whether sshd loads liblzma at all (ldd on the sshd binary), since that is the path the backdoor depends on. Rebuild all systems from known-good base images using safe XZ Utils releases. Remove affected versions from build caches, artifact repositories, and production systems. Treat any host on which a backdoored liblzma was loaded into an internet-reachable sshd as potentially compromised rather than merely vulnerable.
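The following triage script is an added example written for this page; it is not code from the advisory or from the XZ Utils project. It implements the two checks in the recommendations above: classify the output of xz --version, and find out whether sshd pulls in liblzma. The function names, the sshd paths it probes, and the SAMPLE_LDD text are assumptions constructed here so the functions can be exercised offline.

```shell
#!/bin/sh
# Added triage helper for CVE-2024-3094 (not from the advisory or from
# the XZ Utils project). Pure functions take text, so they can be run
# on constructed input; triage_host runs them against the live system.

# Classify the text of "xz --version". Returns 0 (shell "true") only for
# the two upstream releases whose tarballs carried the backdoor. The
# first output line looks like "xz (XZ Utils) 5.6.1".
xz_version_affected() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    case "$ver" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Given "ldd <sshd>" output, print the liblzma path if sshd loads it
# (directly or through libsystemd) and return 0; otherwise return 1.
sshd_liblzma_path() {
    printf '%s\n' "$1" | awk '/liblzma\.so/ { print $3; found = 1 }
                              END { exit found ? 0 : 1 }'
}

# Constructed sample of a Debian-style dependency chain
# (sshd -> libsystemd -> liblzma), used only for offline exercise.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd1c5f0000)
    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f1a2c000000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1a2bc00000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2b800000)'

# Run the checks on this host. Exit 0 when no backdoored version is
# found, 2 when xz reports 5.6.0 or 5.6.1. The sshd linkage is printed
# as context: a fixed distro build still links liblzma via libsystemd.
triage_host() {
    status=0
    if command -v xz >/dev/null 2>&1; then
        out=$(xz --version 2>/dev/null)
        first=$(printf '%s\n' "$out" | head -n 1)
        if xz_version_affected "$out"; then
            echo "AFFECTED: $first"
            status=2
        else
            echo "not 5.6.0/5.6.1: $first"
        fi
    else
        echo "xz not installed"
    fi
    for sshd in /usr/sbin/sshd /usr/bin/sshd; do   # assumed install paths
        [ -x "$sshd" ] || continue
        if path=$(sshd_liblzma_path "$(ldd "$sshd" 2>/dev/null)"); then
            echo "$sshd loads $path (verify that library's package and version)"
        else
            echo "$sshd does not load liblzma"
        fi
    done
    return $status
}

# Only touch the live host when asked, so the functions above can be
# exercised on constructed input without side effects.
if [ "${1:-}" = "--run" ]; then
    triage_host
fi
```

Run it as sh triage.sh --run on the host. A version string alone is not conclusive: some distributions shipped fixed packages that still report 5.6.x after rebuilding from clean sources, while others reverted to 5.4.x, so compare the installed package against your distribution's advisory before closing the ticket.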

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-02406
CVE-2024-3094
GHSA-RXWQ-X6H5-X525
JLSEC-2026-62
OPENSUSE-SU-2024:14017-1
ROSA-SA-2024-2407
ROSA-SA-2024-2409

Affected Products

Debian
Fedora
Opensuse
Xz Utils