Proactive Measures in Light of CVE-2024-3094

PUBLISHED ON April 1, 2024
LAST UPDATED April 25, 2024

CVE-2024-3094 was disclosed on March 28, 2024. With a critical impact rating and a CVSS score of 10.0, it highlights the importance of vigilance and proactive security measures.

Upon learning of CVE-2024-3094, members of our team conducted a thorough investigation to assess any potential exposure within our systems and products. ThreatX does not utilize the compromised XZ libraries (versions 5.6.0 or 5.6.1) and is therefore not vulnerable to the backdoor. 

While we are confident in the security of our systems, our security team is actively monitoring the situation and engaging with the broader security community to stay abreast of any developments related to this CVE. 

CVE-2024-3094 pertains to malicious code discovered in the upstream tarballs of xz, specifically versions 5.6.0 and 5.6.1. Through a series of obfuscations, the liblzma build process incorporates a prebuilt object file extracted from a disguised test file, modifying the liblzma code. With this alteration in place, any software linked to the library can have its data interactions intercepted and modified, posing a substantial risk.

The issue currently affects Fedora 41 and Fedora Rawhide within the Red Hat community ecosystem, with no reported impact on Red Hat Enterprise Linux (RHEL) versions. It is crucial to note that the vulnerability stems from the tarball download package, with the Git distribution lacking the malicious M4 macro necessary for triggering the build of the compromised code. Nevertheless, the presence of second-stage artifacts in the Git repository underscores the potential for exploitation during build time if the M4 macro is inadvertently merged. 

We encourage all organizations to review their systems for any use of the affected xz versions and to apply the necessary patches promptly. Also, monitor official sources, such as the National Vulnerability Database (NVD) entry for CVE-2024-3094, for reliable updates and details regarding mitigation measures.
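As an added example (not code from the ThreatX post), the following POSIX shell script shows one way to carry out the review recommended above: it parses the output of `xz --version` and distribution package version strings, flags the two affected releases (5.6.0 and 5.6.1), and lists whether the sshd binary links liblzma, the exposure path most widely reported for this backdoor. The path `/usr/sbin/sshd` and the package names `liblzma5` and `xz-libs` are assumptions about common distributions; the sample version output in the script is constructed.

```shell
#!/bin/sh
# Added example: host check for the xz/liblzma releases named in CVE-2024-3094.
# Pure POSIX sh; the live checks run only when the relevant tools are present.

# Pull the version number out of "xz --version" output, whose first line looks
# like "xz (XZ Utils) 5.6.1" (constructed sample of that format).
xz_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/.*XZ Utils) *\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 (true) when a version string is one of the affected releases.
# Distribution package versions carry a suffix such as "5.6.1-1" or
# "5.6.0-2.fc41", so a "-..." tail after the upstream version is accepted.
is_affected_xz_version() {
    case "$1" in
        5.6.0|5.6.0-*|5.6.1|5.6.1-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Query the installed liblzma package version through dpkg or rpm, if present.
# Package names are assumptions (Debian/Ubuntu: liblzma5; Fedora/RHEL: xz-libs).
installed_liblzma_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}' liblzma5 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' xz-libs 2>/dev/null
    fi
}

# Run the review on this host. Prints one line per finding and returns 0 when
# nothing affected was found, 1 otherwise.
check_host() {
    rc=0
    if command -v xz >/dev/null 2>&1; then
        v=$(xz_version_from_output "$(xz --version 2>/dev/null)")
        if is_affected_xz_version "$v"; then
            echo "AFFECTED: xz $v found on PATH"
            rc=1
        else
            echo "ok: xz ${v:-unknown} on PATH"
        fi
    fi
    pv=$(installed_liblzma_version)
    if [ -n "$pv" ]; then
        if is_affected_xz_version "$pv"; then
            echo "AFFECTED: liblzma package version $pv"
            rc=1
        else
            echo "ok: liblzma package version $pv"
        fi
    fi
    # The backdoored library matters most where it is loaded into a listening
    # service; report whether sshd links liblzma so the path can be reviewed.
    if command -v ldd >/dev/null 2>&1 && [ -x /usr/sbin/sshd ]; then
        ldd /usr/sbin/sshd 2>/dev/null | grep -i liblzma \
            || echo "ok: /usr/sbin/sshd does not link liblzma"
    fi
    return $rc
}

# Invoke as "sh check_xz.sh --check" to run against the current host.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

A match on 5.6.0 or 5.6.1 means the affected package should be downgraded or patched per the distribution's guidance; a version of 5.4.x, 5.6.2 or later is not the backdoored code, though the package should still come from a trusted distribution build rather than an upstream tarball.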

About the Author

Neil Weitzel

Neil is the Manager of the ThreatX Security Operations Center and is located in Boston, MA. He has 15 years of experience working in various roles, from user support to leading security programs. Neil has profound experience in security architecture and cybersecurity best practices, which helps him provide valuable insight to security teams. Before ThreatX, Neil worked with organizations such as Cognizant as an Application Security Architect, Cigital (now Synopsys) as their Practice Director of Vulnerability Assessments, and EIQ Networks (now Cygilant) as their Director of Security Research. Neil also served as a Cybersecurity Instructor and delivered numerous Security and Defensive Programming courses to various clients such as NASA and PayPal. He is an active member of the security community and has delivered lectures at DEF CON, OWASP and local security meetups. Neil also acts as an adjunct lecturer on Software Engineering at his alma mater, Indiana University.