2025-08-21

Backdoored XZ-Utils Library Persists in Public Docker Hub Repositories

Level: Strategic | Source: Binarly | Global

The XZ-Utils backdoor, disclosed in March 2024 and tracked as CVE-2024-3094, continues to persist in at least 35 Linux images hosted on Docker Hub, according to research from Binarly. This malicious code, originally inserted into versions 5.6.0 and 5.6.1 of the xz-utils compression tool, was embedded in the liblzma.so library and leveraged glibc’s IFUNC mechanism to hook functions in OpenSSH. If triggered with a matching private key, it allowed remote attackers to bypass authentication and execute commands as root. Despite the discovery leading to rapid response efforts in 2024, some Debian-based Docker images containing the compromised library remain publicly available. Binarly warns that other images have been built on top of these infected base layers, resulting in transitive infections that may extend further into the Docker ecosystem.

Binarly’s analysis shows that more than a year after the backdoor’s disclosure, at least 12 Debian Docker images on Docker Hub still contain the malicious library, with second-order images inheriting the backdoor through upstream dependencies. Debian maintainers, informed of the findings, chose not to remove the affected images, citing archival value and the belief that exploitation risk is low—given it requires SSH to be installed and running, network access to the service, and possession of the unique private key. However, Binarly and other security researchers caution that the lingering presence of these images poses a continued software supply chain risk, as outdated or archived images can still be pulled into CI/CD pipelines or reused by unsuspecting developers. The extent of the issue for Fedora, OpenSUSE, and other distributions impacted in 2024 remains unknown, as Binarly’s scan focused solely on Debian-based images.

The maintainers’ decision has sparked debate in the security community, balancing archival continuity against the risk of leaving exploitable images accessible to the public. While scanners such as Binarly’s XZ.fail have been available since shortly after the discovery to detect IFUNC-based hooking, the persistence of these images illustrates how quickly a short-lived compromise can embed itself into a wide range of dependent projects. The situation also underscores the need for more robust container registry hygiene, continuous binary-level scanning, and upstream dependency verification. Without such measures, backdoors like XZ-Utils can silently propagate and remain embedded in development pipelines long after initial disclosure.
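The two practical points above, that archived images are still pulled into CI/CD pipelines and that images built on an infected base layer inherit the library, can be checked mechanically before an image is used. The following is an added example, not Binarly's, Debian's or Anvilogic's code: it walks a `docker save` tarball layer by layer, looks for a `liblzma.so.X.Y.Z` whose version is one of the two backdoored releases named on the page (5.6.0 and 5.6.1), and reports which layer introduced it, so a hit in layer 0 of an application image is immediately recognisable as inherited from the base image. The image layout (`manifest.json` plus per-layer tar files) is the docker-save format; the sample image is constructed in memory so the script runs offline, and the version-in-filename heuristic is an assumption about how Debian packages liblzma, not a byte-level check of the backdoor itself.

```python
"""Scan a `docker save` tarball for liblzma builds from the CVE-2024-3094 releases.

Added example. It flags liblzma by the version embedded in its real soname
(liblzma.so.5.6.0 / liblzma.so.5.6.1); a renamed or re-versioned copy would
need a binary-level scanner such as the one the article mentions.
"""
import io
import json
import re
import tarfile

# xz-utils releases that shipped the backdoored liblzma (per the advisory).
AFFECTED_VERSIONS = {(5, 6, 0), (5, 6, 1)}

# Matches the real (non-symlink) soname, e.g. .../liblzma.so.5.6.1
LIBLZMA_RE = re.compile(r"(?:^|/)liblzma\.so\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return (major, minor, patch) from '5.6.1', or None if it does not parse."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected_version(text):
    """True only for the two backdoored releases, 5.6.0 and 5.6.1."""
    return parse_version(text) in AFFECTED_VERSIONS


def scan_layer(layer_bytes):
    """Return [(path, version, affected)] for every liblzma.so.X.Y.Z in one layer tar."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r:*") as layer:
        for member in layer.getmembers():
            m = LIBLZMA_RE.search(member.name)
            if not m:
                continue
            version = ".".join(m.groups())
            hits.append((member.name, version, is_affected_version(version)))
    return hits


def scan_image(image_bytes):
    """Walk the layers in manifest.json order and report every liblzma found.

    Layer 0 is the base image; every image built FROM it carries the same file
    unless a later layer replaces it, which is the transitive case the article
    describes. Returns a list of dicts so callers can filter on 'affected'.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes), mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            for index, layer_file in enumerate(entry["Layers"]):
                layer_bytes = image.extractfile(layer_file).read()
                for path, version, affected in scan_layer(layer_bytes):
                    findings.append({
                        "layer": index,
                        "layer_file": layer_file,
                        "path": path,
                        "version": version,
                        "affected": affected,
                    })
    return findings


def _tar_with_files(files):
    """Build an uncompressed tar (as bytes) from {path: content}; fixture helper."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_sample_image():
    """Constructed two-layer image: the base layer ships liblzma 5.6.1, the app layer only a script."""
    base = _tar_with_files({"usr/lib/x86_64-linux-gnu/liblzma.so.5.6.1": b"\x7fELF placeholder"})
    app = _tar_with_files({"app/run.sh": b"#!/bin/sh\necho hello\n"})
    manifest = json.dumps([{
        "Config": "config.json",
        "RepoTags": ["example/app:latest"],  # constructed tag, not a real image
        "Layers": ["base/layer.tar", "app/layer.tar"],
    }]).encode()
    return _tar_with_files({"manifest.json": manifest,
                            "base/layer.tar": base,
                            "app/layer.tar": app})


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for f in scan_image(data):
        state = "AFFECTED" if f["affected"] else "ok"
        print(f"layer {f['layer']} ({f['layer_file']}): {f['path']} version {f['version']} [{state}]")
```

Run it against a real image with `docker save some/image:tag -o image.tar` followed by `python scan_xz.py image.tar`; any line marked `AFFECTED` in layer 0 means the base image, not the application build, introduced the library, which is exactly the inheritance chain the article warns about. Because the check keys on the filename, treat a clean result as a first pass only: a layer whose liblzma does not carry its version in the soname should still go through a binary-level IFUNC scan such as Binarly's XZ.fail before the image is admitted to a pipeline.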
