The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26541
Reference (s):
- https://lkml.org/lkml/2020/9/15/1871