An out-of-bounds memory read was found affecting kernels from 4.3-rc1 onwards. This vulnerability was caused by incorrect X.509 time validation in the x509_decode_time() function in x509_cert_parser.c.
Upstream Linux kernel commit cc25b994acfbc901429da682d0f73c190e960206
Created attachment 1090799
Red Hat would like to thank Mimi Zohar of IBM for reporting this issue.
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2, as the code that introduced the flaw is not present in these products.