Critical Permissions Vulnerability in Fedora's Rust-Resctl-Bench Tool
Severity: Medium (Score: 57.8)
Sources: Linuxsecurity
Summary
A significant permissions vulnerability has been identified in the Fedora Rust-Resctl-Bench tool, linked to CVE-2026-33056, published on March 20, 2026. This issue allows for arbitrary directory permission modifications via crafted tar archives, potentially impacting systems using this benchmarking tool. The vulnerability arises from improper handling of permissions when extracting tar files, which could lead to unauthorized access or privilege escalation.

Users of Fedora 42 and Fedora 44 are advised to update their systems to mitigate this risk. The vulnerability was addressed in updates released on March 23, 2026, by Benjamin A. Beasley, who rebuilt the tool with rust-tar version 0.4.45. The update can be installed using the 'dnf' package manager. Security professionals are urged to apply the patch promptly to prevent exploitation. The scope of impact is significant, given the tool's use in evaluating resource control and hardware behaviors.

Key Points
- CVE-2026-33056 allows arbitrary directory permission modifications.
- Affected systems include Fedora 42 and Fedora 44 using Rust-Resctl-Bench.
- Updates were released on March 23, 2026, to address the vulnerability.
Key Entities
- Fedora (company)
- CVE-2026-33056 (cve)