Proactive Measures in Light of CVE-2024-3094

PUBLISHED ON April 1, 2024
LAST UPDATED April 25, 2024

CVE-2024-3094, disclosed on March 28, 2024, carries a critical impact rating and a CVSS score of 10.0, and highlights the importance of vigilance and proactive security measures.

Upon learning of CVE-2024-3094, members of our team conducted a thorough investigation to assess any potential exposure within our systems and products. ThreatX does not utilize the compromised XZ libraries (versions 5.6.0 or 5.6.1) and is therefore not vulnerable to the backdoor. 

While we are confident in the security of our systems, our security team is actively monitoring the situation and engaging with the broader security community to stay abreast of any developments related to this CVE. 

CVE-2024-3094 concerns malicious code discovered in the upstream tarballs of xz, specifically versions 5.6.0 and 5.6.1. Through complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file and uses it to modify the liblzma code. Any software linked against the resulting library is exposed, because the modified liblzma can intercept and modify data interactions with the library, posing a substantial risk.

The issue currently affects Fedora 41 and Fedora Rawhide within the Red Hat community ecosystem, with no reported impact on Red Hat Enterprise Linux (RHEL) versions. It is crucial to note that the vulnerability stems from the downloadable release tarballs: the Git distribution lacks the malicious M4 macro that triggers the build of the compromised code. Nevertheless, the second-stage artifacts are present in the Git repository, so the compromised code could still be injected at build time if the M4 macro were inadvertently merged.

We encourage all organizations to review their systems for any use of the affected xz versions and to apply the necessary patches promptly. Also monitor official sources, such as the National Vulnerability Database (NVD) entry for CVE-2024-3094, for reliable updates and details regarding mitigation measures.
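One way to run that review on a single host, as an added example that is not part of the original post or any ThreatX tooling: the script below flags the two releases named above in `xz --version` output, library file names, or package version strings. The function names are illustrative, the Debian-style `+really` handling goes beyond what the post covers, and a version match is only an indicator that the host needs a closer look.

```shell
#!/bin/sh
# Added example (not from the original post): flag xz/liblzma 5.6.0 and 5.6.1,
# the releases the post names as carrying the CVE-2024-3094 backdoor.

# Pull the last X.Y.Z out of a line such as "xz (XZ Utils) 5.6.1",
# "liblzma 5.4.5" or a path ending in "liblzma.so.5.6.0".
extract_version() {
    s=$1
    # Debian-style "A+reallyB" package versions ship upstream B, so judge on B.
    case "$s" in *+really*) s=${s##*+really} ;; esac
    printf '%s\n' "$s" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | tail -n 1 || true
}

# Exit status 0 only for the two affected releases (exact match, so 5.6.10 passes).
is_affected_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify one line of evidence: prints AFFECTED, ok or unknown.
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif is_affected_version "$v"; then
        echo "AFFECTED"
    else
        echo "ok"
    fi
}

# Read evidence lines on stdin, report each, and return 1 if any is affected.
scan() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify "$line")
        printf '%-8s %s\n' "$verdict" "$line"
        [ "$verdict" != "AFFECTED" ] || rc=1
    done
    return "$rc"
}

# Local check: what the installed xz binary and its liblzma report, if present.
if command -v xz >/dev/null 2>&1; then
    xz --version | scan || echo "affected xz release found: patch or downgrade" >&2
fi
```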

About the Author

Neil Weitzel

A results-driven cybersecurity leader, Neil Weitzel is dedicated to empowering organizations through robust security strategies. With over 15 years of experience leading security programs and teams, Neil possesses a unique ability to align security initiatives with business goals. As the current Director of Security Operations at ThreatX, he excels at identifying and mitigating risks, ensuring business continuity and resilience. Neil's track record includes successful leadership roles at Cognizant, Synopsys, and Cygilant, where he consistently built and strengthened security postures. An active thought leader, Neil is a frequent speaker and adjunct lecturer, contributing to the cybersecurity community's growth and development.