CVE-2024-3094 – Linux Supply Chain Compromise Affecting XZ Utils Data Compression Library

Panther is aware of and tracking a high-severity software supply chain vulnerability affecting the Linux library XZ Utils versions 5.6.0 and 5.6.1. The vulnerability has been assigned CVE-2024-3094, with a CVSS score of 10 indicating the highest possible severity score.


The XZ Utils library is used for data compression on Unix/Linux operating systems. It is a command-line tool used to compress and decompress XZ files. On March 29, 2024, a supply-chain compromise was discovered in the XZ package as malicious code that could provide a backdoor into systems through this utility. At this time, it is believed that only XZ Utils versions 5.6.0 and 5.6.1 are impacted. 

It is too early to tell if the malicious code has been exploited, as the issue was just discovered, research is still ongoing, and more information will be made available by the security community in the coming days, we will update this page with more information as it is available. It is uncertain if the individual who made the code commits containing the malicious code is directly responsible or if their system or accounts have been compromised. 

Is Panther Affected?

Panther’s security team has assessed the vulnerability, and at this time it does not impact the Panther platform. We will continue to evaluate the risk as more information is made available. It is also important to note that Amazon Web Services (AWS) states that its infrastructure is not impacted, as it does not utilize the XZ Utils library at all.

How to Identify if a System Is Affected

Most systems using the XS Utils library are running version 5.2 / 5.4, which are not affected, 5.6 is the compromised version. To identify if your system is impacted you can run “xz -V” on the command line to see what version you are running.

What if My System Has the Affected Version?

It is recommended that users downgrade their XZ Utils to the prior uncompromised version, such as XZ Utils 5.4.6 Stable. As the issue is still being investigated, there are currently no IoCs or specific guidance on what to look for to identify if a system has been exploited. If you identify a system with the affected version, extra vigilance should be applied to monitor those systems and hunt for signs of malicious activity.  

How to Detect the XY Vulnerability with Panther

Recommended Resources

Escape Cloud Noise. Detect Security Signal.
Request a Demo