The GRUB2 upstream version reintroduced CVE-2020-15705. This refers to a distro-specific flaw which made it upstream in the mentioned version.
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in Secure Boot mode and will implement lockdown, yet it could have been tampered with.
This flaw only affects upstream and distributions using the shim_lock mechanism.
Red Hat Enterprise Linux 7 and 8 are not affected by this issue, as neither version ships the shim_lock mechanism.
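
One way to check a machine for the precondition described above (a certificate from GRUB's signing chain present in db), as an added example that is not part of the original report. It parses the UEFI `db` signature list and compares X.509 SHA-256 fingerprints against fingerprints the operator supplies; the function names and the `make_esl` test-data builder are hypothetical, and the GRUB chain fingerprints are assumed to be obtained separately.

```python
import hashlib
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification, in on-disk (mixed-endian) form.
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le
# Standard efivarfs path of the Secure Boot db variable.
DB_PATH = "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"


def db_x509_fingerprints(esl: bytes) -> set[str]:
    """Return SHA-256 fingerprints of every X.509 cert in an EFI signature list blob."""
    found, off = set(), 0
    while off + 28 <= len(esl):
        sig_type = esl[off:off + 16]
        list_size, hdr_size, sig_size = struct.unpack_from("<III", esl, off + 16)
        # Reject malformed lists instead of looping forever or reading past the end.
        if list_size < 28 + hdr_size or sig_size <= 16 or off + list_size > len(esl):
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID followed by the data.
            if sig_type == EFI_CERT_X509:
                found.add(hashlib.sha256(esl[pos + 16:pos + sig_size]).hexdigest())
            pos += sig_size
        off = end
    return found


def grub_trusted_by_db(esl: bytes, grub_chain_fps: set[str]) -> set[str]:
    """Fingerprints from GRUB's signing chain that db trusts directly (empty = not exposed)."""
    return db_x509_fingerprints(esl) & {fp.lower() for fp in grub_chain_fps}


def make_esl(sig_type: bytes, payloads: list[bytes]) -> bytes:
    """Build one signature list (constructed test data; payloads must share a length)."""
    sig_size = 16 + len(payloads[0])
    body = b"".join(bytes(16) + p for p in payloads)
    return sig_type + struct.pack("<III", 28 + len(body), 0, sig_size) + body


if __name__ == "__main__":
    import sys
    with open(DB_PATH, "rb") as f:
        raw = f.read()[4:]  # efivarfs prepends 4 bytes of variable attributes
    hits = grub_trusted_by_db(raw, set(sys.argv[1:]))
    print("db trusts GRUB signer:" if hits else "no GRUB signer in db", *sorted(hits))
```

Run as a script, it takes the SHA-256 fingerprints (hex, no separators) of the certificates in the GRUB binary's signing chain as arguments.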
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):