Critical SSH Vulnerability in XZ Tools Hits Kubernetes: Patch Now!

April 2, 2024
  • Red Hat disclosed a critical vulnerability, CVE-2024-3094 (CVSS 10.0), in XZ Utils: the upstream release tarballs for xz 5.6.0 and 5.6.1 carry a backdoor in the liblzma library.

  • The backdoor was uncovered by Andres Freund, a Microsoft engineer, who noticed that SSH logins had become slower and that sshd was burning CPU inside liblzma; digging into the cause revealed a software supply chain attack rather than a performance bug.

  • Obfuscated code injected into liblzma through the build process hooks RSA public-key verification in sshd (reached on distributions where sshd links liblzma via libsystemd). An attacker holding the matching private key can execute commands on the host before authentication completes, which Red Hat describes as breaking sshd authentication and granting unauthorized remote access.

  • Kubernetes clusters are significantly exposed: any node whose sshd links the compromised liblzma is at risk, above all nodes with SSH reachable from the internet. Container images that bundle xz 5.6.0 or 5.6.1 should be rebuilt as well, even though the sshd attack path does not apply inside most containers.

  • Mitigation comes down to patching or downgrading xz on every node, scanning nodes and images for the affected versions, and following Kubernetes security best practices such as not exposing node SSH publicly and keeping node images current.

  • Several major Linux distributions shipped the affected versions in their development or rolling channels (for example Fedora Rawhide and Debian testing/unstable); their advisories direct users to downgrade to a 5.4.x release or update to a fixed package.

  • ARMO's Kubernetes-native security solution is mentioned as a tool for tracking CVE exposure across a cluster and maintaining compliance.
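A practitioner's first question is which nodes actually need action, since the backdoor only reaches sshd when sshd links liblzma. The script below is an added example written for this summary, not code from ARMO or the original article: it reports the liblzma version and whether the local sshd links the library, and it assumes `/usr/sbin/sshd` as the sshd path and the two-line `xz --version` banner format (`xz (XZ Utils) X.Y.Z` followed by `liblzma X.Y.Z`). The list of backdoored releases is taken from the Red Hat advisory.

```shell
#!/bin/sh
# Added example for CVE-2024-3094: per-node exposure check.
# Not ARMO's or the article's code. Assumptions: sshd lives at
# /usr/sbin/sshd and `xz --version` prints a "liblzma X.Y.Z" line.

# The only upstream releases known to carry the backdoor (Red Hat advisory).
xz_version_is_backdoored() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Pull "5.6.1" out of the "liblzma 5.6.1" line of an `xz --version` banner.
# The library version is what matters: sshd loads liblzma, not the xz binary.
liblzma_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^liblzma \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# The backdoor reaches sshd only when sshd (directly or via libsystemd)
# links liblzma. An sshd that does not link it is not exposed through this
# CVE, though a backdoored library on disk still needs replacing.
sshd_links_liblzma() {
    bin="${1:-/usr/sbin/sshd}"      # assumed path
    [ -x "$bin" ] || return 1
    ldd "$bin" 2>/dev/null | grep -q 'liblzma'
}

# Print one status line for this host. Returns 0 when action is needed
# (a backdoored liblzma is installed) and 1 when the host looks clean,
# so fleet tooling can count exposed nodes from the exit status.
check_host() {
    banner="$(xz --version 2>/dev/null)"
    ver="$(liblzma_version_from_banner "$banner")"
    host="$(hostname 2>/dev/null || echo unknown-host)"
    if [ -z "$ver" ]; then
        echo "$host: xz not installed or unrecognised banner"
        return 1
    fi
    if xz_version_is_backdoored "$ver"; then
        if sshd_links_liblzma; then
            echo "$host: liblzma $ver is backdoored and sshd links it: EXPOSED, patch now"
        else
            echo "$host: liblzma $ver is backdoored (sshd does not link it): downgrade or update anyway"
        fi
        return 0
    fi
    echo "$host: liblzma $ver is not a known backdoored release"
    return 1
}

# Invoke as `sh xz-check.sh run` on each node (for example over SSH or from
# a privileged DaemonSet); without the argument only the functions are defined.
case "${1:-}" in
    run) check_host ;;
esac
```

Treat a clean result from this script as necessary but not sufficient: it matches the two release versions known to be backdoored, so a distribution package that rebuilt from a clean source while keeping a 5.6.x version string would be flagged as exposed, and a vendor that reverted the code but kept the version number would need the distribution advisory, not this check, to confirm. Running the same version test inside image builds catches container images that bundle the affected xz even though the sshd path does not apply to them.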
