An out-of-bounds memory read was found affecting kernels from 4.3-rc1 onwards. This vulnerability was caused by incorrect X.509 time validation in the x509_decode_time() function in x509_cert_parser.c.

References:
upstream Linux kernel commit cc25b994acfbc901429da682d0f73c190e960206
http://permalink.gmane.org/gmane.linux.kernel.commits.head/561953
http://seclists.org/oss-sec/2015/q4/390
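The kind of time validation described above, shown from the defensive side as an added example (not the kernel's code and not the attached patch): a stand-alone validator for X.509 UTCTime and GeneralizedTime strings that range-checks every decoded field before it is used. The function names, the month-length table and the premise that an unchecked month can become an out-of-range table index are assumptions for illustration; the page does not reproduce the patch.

```c
#include <stdbool.h>
#include <stddef.h>

/* Days per month for a non-leap year; index 0 is January. */
static const unsigned char month_lengths[12] = {
    31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};

/* Decode two ASCII digits, or return -1 if either byte is not a digit. */
static int dec2(const unsigned char *p)
{
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
        return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/* Accepts UTCTime "YYMMDDHHMMSSZ" (13 bytes) or GeneralizedTime
 * "YYYYMMDDHHMMSSZ" (15 bytes); true only if every field is in range. */
bool validate_x509_time(const unsigned char *v, size_t len)
{
    int f[7], n = 0, year, mon_len;
    const int *p;   /* p[0..4] = month, day, hour, minute, second */

    if ((len != 13 && len != 15) || v[len - 1] != 'Z')
        return false;
    for (size_t i = 0; i + 1 < len; i += 2)
        if ((f[n++] = dec2(v + i)) < 0)
            return false;
    if (n == 6) {   /* UTCTime: RFC 5280 pivot, YY >= 50 means 19YY */
        year = f[0] + (f[0] >= 50 ? 1900 : 2000);
        p = f + 1;
    } else {        /* GeneralizedTime carries a four-digit year */
        year = f[0] * 100 + f[1];
        p = f + 2;
    }
    /* Range-check the month BEFORE it is used as a table index. */
    if (p[0] < 1 || p[0] > 12)
        return false;
    mon_len = month_lengths[p[0] - 1];
    if (p[0] == 2 && year % 4 == 0 && (year % 100 != 0 || year % 400 == 0))
        mon_len = 29;
    /* Leap seconds (SS == 60) are rejected in this example. */
    return p[1] >= 1 && p[1] <= mon_len &&
           p[2] <= 23 && p[3] <= 59 && p[4] <= 59;
}
```
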
Created attachment 1090799: Patch
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2, as the code that introduced the flaw is not present in these products.