Publicly accessible Google VM instance contains critical vulnerability CVE-2024-3094 (RCE in liblzma and xz versions 5.6.0 and 5.6.1)

Description

A publicly accessible host is affected by CVE-2024-3094. The vulnerability is found in liblzma and xz versions 5.6.0 and 5.6.1. The vulnerable libraries contained the ability for remote code execution.

Not all distributions are affected, for more information see the security center post.

Remediation

  1. Evaluate the need for public accessability for your instance and remove it from the public internet if possible.
  2. To manually determine if your systems are running the affected version you can use the following shell command: $ xz --version
  3. It is recommended to downgrade the XZ Utils library to an uncompromised version such as 5.4.6. In addition, if you are using an affected distribution it is encouraged to hunt for any malicious activity involving the impacted instance.