An out-of-bounds memory read was found affecting kernels from 4.3-rc1 onwards. This vulnerability was caused by incorrect X.509 time validation in the x509_decode_time() function in x509_cert_parser.c.
Upstream Linux kernel commit: cc25b994acfbc901429da682d0f73c190e960206
Created attachment 1090799
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2, as the code that introduced the flaw is not present in these products.
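
The following is an added example, not the kernel's code or the upstream patch: a stand-alone validator for X.509 UTCTime and GeneralizedTime strings that range-checks the month before using it (minus one) as an index into a days-per-month table. It assumes the out-of-bounds read is of that class (a table lookup on a not-yet-validated field); `check_x509_time`, `dec2` and `month_lengths` are hypothetical names.

```c
#include <stddef.h>

/* Days per month for a non-leap year, indexed by month-1 (0..11). */
static const unsigned char month_lengths[12] =
    { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };

/* Read two ASCII digits at *p; returns 0..99, or -1 if either is not a digit. */
static int dec2(const unsigned char **p)
{
    const unsigned char *s = *p;
    if (s[0] < '0' || s[0] > '9' || s[1] < '0' || s[1] > '9')
        return -1;
    *p += 2;
    return (s[0] - '0') * 10 + (s[1] - '0');
}

/*
 * Validate an ASN.1 UTCTime ("YYMMDDHHMMSSZ", 13 bytes) or GeneralizedTime
 * ("YYYYMMDDHHMMSSZ", 15 bytes) value of exactly `len` bytes.
 * Returns 0 if the value is well-formed, -1 otherwise.
 */
int check_x509_time(const unsigned char *v, size_t len)
{
    const unsigned char *p = v;
    int year, mon, day, hour, min, sec, mon_len;

    if (len == 13) {
        if ((year = dec2(&p)) < 0) return -1;
        year += (year >= 50) ? 1900 : 2000;   /* RFC 5280 UTCTime window */
    } else if (len == 15) {
        int hi = dec2(&p), lo;
        if (hi < 0 || (lo = dec2(&p)) < 0) return -1;
        year = hi * 100 + lo;
    } else {
        return -1;                            /* fixed lengths only */
    }
    if ((mon = dec2(&p)) < 0 || (day = dec2(&p)) < 0 || (hour = dec2(&p)) < 0 ||
        (min = dec2(&p)) < 0 || (sec = dec2(&p)) < 0)
        return -1;
    if (*p != 'Z') return -1;
    /* Range-check the month BEFORE it is used as a table index. */
    if (mon < 1 || mon > 12) return -1;
    mon_len = month_lengths[mon - 1];         /* month is 1-based, table is 0-based */
    if (mon == 2 && year % 4 == 0 && (year % 100 != 0 || year % 400 == 0))
        mon_len = 29;
    if (day < 1 || day > mon_len || hour > 23 || min > 59 || sec > 60) /* 60: leap second */
        return -1;
    return 0;
}
```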