Began port to RHEL5 2.6.18-157: 7/12/09 12:00PM
...
The buggy commit was backported to a RHEL5 test kernel on April 15th
(the latest test kernel is still vulnerable and likely without this
exploit being released, the code would have made it into the next
RedHat kernel update)
https://bugzilla.redhat.com/show_bug.cgi?id=495863
That bug report says the first test kernel with that 'fix' applied was kernel-2.6.18-148.el5.
