CVE-2024-3094

Published Mar 29, 2024

Last updated 10 months ago

CVSS critical 10.0
SSH
Cloud
Container Security
System
Supply chain
Port (22)

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-3094 refers to a supply chain compromise discovered in versions 5.6.0 and 5.6.1 of XZ Utils, a widely used data compression software found in major Linux distributions. Malicious code was surreptitiously introduced into the upstream tarballs of XZ Utils. Through a series of complex obfuscations, the build process for the `liblzma` library (a core component of XZ Utils) extracts a prebuilt object file from a disguised test file within the source code. This object file then modifies specific functions within the `liblzma` code. This modification results in a compromised `liblzma` library that can be leveraged by any software linked against it. Specifically, the malicious code targets the OpenSSH server (SSHD) process, allowing a remote attacker with a specific private key to send arbitrary payloads that are executed before the authentication step, potentially leading to unauthorized remote code execution. The vulnerability was discovered on March 28, 2024, by Andres Freund, who noticed unusual CPU usage and errors related to `liblzma` during SSH logins.

Description
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Source
secalert@redhat.com
NVD status
Modified
Products
xz

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

The attack is believed to be a nation-state level attack, and only the rogue developer and groups with which the compromised key has been shared would be able to gain access. As such, it is not likely to be widely exploited.

More information is available in our blog post here.

Risk scores

CVSS 3.1

Type
Primary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

secalert@redhat.com
CWE-506

Social media

Hype score
Not currently trending

  1. The XZ Utils backdoor (CVE-2024-3094) was nearly merged into major Linux distributions after a sophisticated 2-year social engineering campaign against an open source maintainer. Supply chain attacks target humans, not just code. #XZUtils #SupplyChain

    @theGreyHatter

    4 Jun 2026

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Not backlog. Blast radius. CVE-2024-3094 is an active risk signal. The story is not the identifier; the story is the operational window it opens. If it is in your stack, check exposure and patch status while the signal is still fresh. Then answer the questions that matter before

    @GoCocoaAI

    31 May 2026

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. CVE-2024-3094 exposed a gaping hole in OpenSSH due to GNU IFUNC and SystemD dependencies. If your SSH server is tied to xz-utils, you need to reevaluate your supply chain before the next backdoor appears.

    @protogenies

    28 May 2026

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Discover the truth behind CVE-2024-3094! ๐Ÿ›ก๏ธ It turns out GNU IFUNC is at the center of this vulnerability. Stay informed and protect your systems. Knowledge is power! #CyberSecurity #VulnerabilityAlert https://t.co/BitirOaorb

    @winsontang

    10 May 2026

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. GNU IFUNC is the real culprit behind CVE-2024-3094 https://t.co/5T9NZ5eC5e (https://t.co/JIyUc4ERXQ)

    @betterhn50

    8 May 2026

    122 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. GNU IFUNC is the real culprit behind CVE-2024-3094 https://t.co/76TkCJxwhO (https://t.co/Lq8xZ1lPVV)

    @betterhn20

    8 May 2026

    261 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. โ„๏ธ๐Ÿ•Š๏ธ GNU IFUNCใŒCVE-2024-3094ใฎ่ƒŒๅพŒใซใ„ใŸใ‚“ใ ใฃใฆ๏ผLinuxใฎใ‚ทใ‚นใƒ†ใƒ ใ‚ณใƒผใƒซไปฒไป‹ๆฉŸ่ƒฝใŒๆƒณๅฎšๅค–ใฎ่„†ๅผฑๆ€งใ‚’็”Ÿใฟๅ‡บใ—ใฆใŸใ‚“ใ ใญใ€‚ใ‚ปใ‚ญใƒฅใƒชใƒ†ใ‚ฃใฃใฆๅฅฅใŒๆทฑใ„ใตใ‚ใตใ‚โ€ฆ ๐Ÿ“ฐ๐Ÿ”’ https://t.co/J5OMM6GIiv

    @whitehatbird

    8 May 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. GNU IFUNC is the real culprit behind CVE-2024-3094 https://t.co/GwzwT4V306 #LatestTech #technews

    @techdaily24

    8 May 2026

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. GNU IFUNC is the real culprit behind CVE-2024-3094 https://t.co/zB1B7s23Hf https://t.co/EY5D9aVjIr

    @RigneySec

    8 May 2026

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. GNU IFUNC is the real culprit behind CVE-2024-3094 https://t.co/xIu4pi1Wnn 5

    @BernieAdams23

    8 May 2026

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Red Hat Warns of Backdoored Linux Tool: CVE-2024-3094 Puts Systems at Risk https://t.co/Um5UGUcy7e

    @osourcenews

    15 Apr 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Mรกs de 500k servidores SSH podrรญan haberse visto expuestos a una potencial ejecuciรณn remota de cรณdigo (RCE) privilegiado debido a la vulnerabilidad CVE-2024-3094 en xz Utils. Esta vulnerabilidad fue intencionalmente insertada por un atacante en las versiones 5.6.0 y 5.6.1 de

    @BotBauR

    8 Apr 2026

    41 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  13. CVE-2024-3094 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations ... https://t.co/TPe3c2PGmv https://t.co/LkNv7HQ5yv

    @CVEradars

    2 Apr 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. ๐Ÿšจ Threat Alert: *Supply Chain Attacks Targeting DevSecOps Tools (2024โ€‘2026)* ๐Ÿ“… Date: 2024-03-28 to 2026-03-24 ๐Ÿ“† Timeline: - 2024-03-28: XZ Utils backdoor discovered (CVE-2024-3094). - 2025-03-14: reviewdog/action-setup compromise โ†’ tj-actions/changed-files; memory-

    @syedaquib77

    1 Apr 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. NEW THREAT INTEL: 36-Month Supply Chain Campaign - CVE-2024-3094, CVE-2025-30066, CVE-2025-30154 targeting DevSecOps tools. 9 detections, 25 IOCs. https://t.co/zzfpPPRubl #ThreatIntel #CyberSecurity #SupplyChain https://t.co/v6VlWmFXLa

    @threadlinqs

    1 Apr 2026

    188 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. https://t.co/feGsMWjZiq Linux็ณปOSใซใŠใ‘ใ‚‹XZ Utilsใฎใƒใƒƒใ‚ฏใƒ‰ใ‚ขๅ•้กŒ๏ผˆCVE-2024-3094๏ผ‰ใซ้–ขใ™ใ‚‹ใƒฌใƒใƒผใƒˆใงใ™ใ€‚ใƒชใƒขใƒผใƒˆใ‹ใ‚‰ไธๆญฃใ‚ขใ‚ฏใ‚ปใ‚นใ‚’ๅ—ใ‘ใ‚‹่‡ดๅ‘ฝ็š„ใชๅ•้กŒใงใ™ใ€‚่ฉฒๅฝ“ใƒใƒผใ‚ธใƒงใƒณใ‚’ๅˆฉ็”จใ—ใฆใ„ใ‚‹ๅ ดๅˆใฏ็›ดใกใซใ‚ขใƒƒใƒ—ใƒ‡ใƒผ

    @Anti_Ch_PCgc

    1 Apr 2026

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Critical Alert: Malicious code found in 'xz' compression tool (CVE-2024-3094) allows unauthorized remote access to Linux systems. Immediate action required! Link: https://t.co/utFPJ66waV #Security #Linux #CVE #Alert #Threat #Vulnerability #Patch #Update #System #Attack #Exploit h

    @dailytechonx

    28 Mar 2026

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. ๐Ÿ“Œ ุชุญุฐูŠุฑ Red Hat ุจุดุฃู† ุชุถู…ูŠู† ุจุฑู…ุฌูŠุงุช ุฎุจูŠุซุฉ ููŠ ุฃุฏุงุฉ Linux ุดุงุฆุนุฉ ุชุชูŠุญ ูˆุตูˆู„ุงู‹ ุบูŠุฑ ู…ุตุฑุญ ุจู‡ ู„ู„ุฃู†ุธู…ุฉ ุฃุตุฏุฑุช Red Hat ุชุญุฐูŠุฑุงู‹ ุฃู…ู†ูŠุงู‹ ุญุฑุฌุงู‹ ุจุดุฃู† ุงูƒุชุดุงู ูƒูˆุฏ ุฎุจูŠุซ ู…ุนู‚ุฏ ู…ุฏู…ุฌ ููŠ

    @MisbarSec

    27 Mar 2026

    232 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. BREAKING: Red Hat warns CVE-2024-3094 malware in xz compression utility enables remote unauthenticated access to Linux systems in sophisticated supply chain attack. https://t.co/5aehiddZVP

    @threatcluster

    27 Mar 2026

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2024-3094ใ ใ‘ใฉๆ–ฐ็€่จ˜ไบ‹ใ ใ‹ใ‚‰็ดนไป‹ใ—ใฆใฟใŸใ‚‚ใฎใฎ็›ฎๆ–ฐใ—ใ„ใ“ใจใŒๅ…จใ็„กใ„ใฎใงๅ‰Š้™คใ—ใพใ—ใŸ

    @yousukezan

    27 Mar 2026

    874 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. ๐Ÿšจ ๐๐ž๐ฐ ๐ฏ๐ฎ๐ฅ๐ง๐ž๐ซ๐š๐›๐ข๐ฅ๐ข๐ญ๐ฒ ๐š๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐ฉ๐ฎ๐›๐ฅ๐ข๐ฌ๐ก๐ž๐! Uncover how CVE-2024-3094 in XZ Utils triggered a national police outreach and why supply-chain risk monitoring is critical for proactive

    @PurpleOps_io

    26 Mar 2026

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. ไปŠใ€้ข็™ฝใใ‚ปใ‚ญใƒฅใƒชใƒ†ใ‚ฃใฎ่ฉฑใ‚’่ชฌๆ˜Žใงใใชใ„ใ‹ใชใจๆ€ใฃใฆใ„ใŸใ‚‰้ข็™ฝใ„ๅ‹•็”ปใŒใ‚ใฃใŸใ€‚ CVE-2024-3094ใ‚’ใŠใใ‚‰ใ้กŒๆใซใ—ใŸใฎใ ใจๆŽจๆธฌใ•ใ‚Œใ‚‹ใ‘ใฉใ€ใ‚ˆใใพใจใพใฃใฆใ„ใ‚‹ใ€‚ https://t.co/wHewFyLBn7 ๆœ€ๅพŒใฎใ—ใ‚ใใใ‚ŠใŒ

    @mikekousyaku

    20 Mar 2026

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. Jia Tan, a ghost almost backdoored the entire internet. CVE-2024-3094. Severity 10. Then vanished forever. Now he's a coin. And he brought a game. https://t.co/bDIVd06kjQ

    @abanonded

    15 Mar 2026

    3 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    2 Replies

    0 Quotes

  24. An investigation into the XZ Utils backdoor (CVE-2024-3094), detailing Jia Tan's multi-year social engineering campaign and the technical infiltration of Linux. #CyberSecurity #Linux #XZBackdoor #OpenSource #TechThriller https://t.co/H1TBvADPou

    @galvin_8386

    12 Mar 2026

    5 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Top 5 Trending CVEs: 1 - CVE-2024-3094 2 - CVE-2025-43300 3 - CVE-2026-2796 4 - CVE-2026-1602 5 - CVE-2025-11411 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    11 Mar 2026

    224 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. The XZ Utils backdoor (officially tracked as CVE-2024-3094) refers to one of the most serious supply-chain attacks discovered in open-source software in recent years Andres Freund noticed strange performance issues and delays in sshd login attempts while t https://t.co/jUQxSl5WeX

    @Patrick12131682

    10 Mar 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. A Microsoft engineer noticed ssh was 500ms slower than usual. That lag just saved the entire Linux ecosystem from a state-sponsored backdoor. Here's how CVE-2024-3094 nearly pwned every SSH server on earth. ๐Ÿงต https://t.co/2krl4iRZN9

    @emredogancloud

    9 Mar 2026

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. ุงู„ุฎุจุฑ ู…ุฑ ุจู‡ุฏูˆุก: ู…ู‡ู†ุฏุณ ู…ุงูŠูƒุฑูˆุณูˆูุช ู„ุงุญุธ ุชุฃุฎูŠุฑ 500ms ููŠ SSHุŒ ูุงูƒุชุดู backdoor ููŠ XZ Utils. ุซุบุฑุฉ CVE-2024-3094 ู…ู† ู‡ุฌูˆู… supply chain ู…ุฏุฑูˆุณ ุณู†ุชูŠู†ุŒ ูƒุงู† ู…ู…ูƒู† ูŠุณูŠุทุฑ ุนู„ู‰ ุณูŠุฑูุฑุงุช ุงู„ุนุงู„ู…. ุช

    @Ibn_al_Mundhir

    4 Mar 2026

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Day 31: Today I dove into CVE-2024-3094, the infamous XZ Utils backdoor. ๐Ÿ›ก๏ธ๐Ÿ’ป This wasn't just a bug; it was a multi-year "long con" supply chain attack that nearly broke the internet. Hereโ€™s what I learned: ๐Ÿงต #infosec #XZUtils

    @dheeraditya1

    28 Feb 2026

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. Do you know story behind CVE-2024-3094? In 2024, a backdoor hidden inside the XZ compression library nearly turned Linuxโ€™s most reliable component: OpenSSH into a universal master key for millions of servers. https://t.co/7fUKhu6ziF #CyberSecurity #Linux #OpenSource #SupplyCha

    @cloudarcio

    27 Feb 2026

    6 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Just watched the @veritasium Youtube video on the XZ Utils backdoor (CVE-2024-3094). In 2024, while everyone was hyped about AI, a years-long "long con" almost crippled the global Linux ecosystem. Itโ€™s terrifying how close we came to a total security meltdown. ๐Ÿ‘‡

    @SaikatMondal021

    26 Feb 2026

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. I remember checking VMs & build boxes for this backdoor. (screenshot from @veritasium vid). XZ Utils Backdoor (CVE-2024-3094) is a critical supply-chain vulnerability discovered in the widely used Linux compression library xz (specifically versions 5.6.0 and 5.6.1). This ht

    @oblivion314159

    26 Feb 2026

    184 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  33. ๐Ÿšจ CVE-2024-3094 : XZ UTILS SUPPLY CHAIN BACKDOOR AUTHENTICATION BYPASS ALERT ๐Ÿšจ XZ Utils A critical unauthenticated backdoor has been discovered in XZ Utils liblzma library, allowing attackers to bypass OpenSSH authentication and gain root-level access via a malicious suppl

    @OstorlabSec

    9 Feb 2026

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. ๐Ÿ”“ CVE-2024-3094: a backdoor no XZ Utils quase comprometeu toda a infraestrutura SSH do Linux. Um mantenedor plantou cรณdigo malicioso por ANOS atรฉ ser descoberto por acidente. Supply chain attacks sรฃo o novo normal. Vocรช audita suas dependรชncias? #infosec #cybersecurity

    @colapsodigital

    7 Feb 2026

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Automated multi-VM cyber-range using Ludus deploys GOAD and XZbot labs with Elastic Agent for detection validation against live CVE-2024-3094 backdoor attacks. AI-driven hunting via Elastic SIEM/XDR enhances forensics. #GOADLabs #AIHunting https://t.co/IeYDJ05Tpl

    @TweetThreatNews

    7 Feb 2026

    179 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  36. Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-20805 3 - CVE-2024-3094 4 - CVE-2024-1234 5 - CVE-2010-5139 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    3 Feb 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. The #xz (CVE-2024-3094) is a perfect example of a #supplychainattack. We have a short explainer on the blog on how our Anchore Enterprise customers and OSS #Syft users can immediately report on it. https://t.co/mkCUEv3kZx https://t.co/vs5tNBAlfO

    @anchore

    12 Jan 2026

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    7 Jan 2026

    211 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    21 Dec 2025

    134 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  40. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    4 Dec 2025

    233 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  41. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    17 Nov 2025

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  42. ๐Ÿ“ข ๐๐ž๐ฐ ๐‚๐•๐„ ๐š๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐ฃ๐ฎ๐ฌ๐ญ ๐๐ซ๐จ๐ฉ๐ฉ๐ž๐! CVE-2024-3094 exposes a critical backdoor in Linux tools. Uncover how threat intelligence and supply-chain monitoring fight this hidden threat. ๐ŸŒ Explore the write-u

    @PurpleOps_io

    2 Nov 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    31 Oct 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. ๐Ÿ“ข ๐‡๐จ๐ญ ๐จ๐Ÿ๐Ÿ ๐ญ๐ก๐ž ๐ฉ๐ซ๐ž๐ฌ๐ฌ: ๐‚๐•๐„ ๐ข๐ง๐ฌ๐ข๐ ๐ก๐ญ๐ฌ! Discover how CVE-2024-3094 silently compromised SSH across major Linux systems and learn how to defend with real threat intel and supply chain monitoring. ๐Ÿ“– Check

    @PurpleOps_io

    19 Oct 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    14 Oct 2025

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. ๐Ÿšจ ๐…๐ซ๐ž๐ฌ๐ก ๐‚๐•๐„ ๐š๐ฅ๐ž๐ซ๐ญ ๐ฃ๐ฎ๐ฌ๐ญ ๐ข๐ง! Learn how CVE-2024-3094 silently compromised XZ Utils in a high-stakes supply-chain backdoor threat-and what your team must do now. ๐Ÿ”— Read the full breakdown โ†’ https://t.co/7GfWiDlpVk Jo

    @PurpleOps_io

    5 Oct 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    27 Sept 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    9 Sept 2025

    140 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http

    @jrfetzer

    23 Aug 2025

    156 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 35+ Docker Hub images still have XZ-Utils backdoor (CVE-2024-3094), letting attackers bypass SSH auth & run commands as root. Debian keeps backdoored images for archival reasons. Check containers for XZ-Utils 5.6.2+ to avoid this risk in CI/CD pipelines. #Cyber

    @bigmacd16684

    20 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. CVE-2025-14269
  2. Nx Console Embedded Malicious Code Vulnerabilityโ€ขCVE-2026-48027
  3. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.โ€ขCVE-2026-46300
  4. LiteSpeed cPanel Plugin Privilege Escalation Vulnerabilityโ€ขCVE-2026-48172
  5. In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.โ€ขCVE-2026-46333

References

Sources include official advisories and independent security research.