kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1980070]
Fedora enables MODULE_SIG so should not be vulnerable to this, The patch is included in the stable update 5.12.14 for Fedora, so users building their own configs should be covered there as well.