If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3216 https://access.redhat.com/errata/RHSA-2020:3216
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15705
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3217 https://access.redhat.com/errata/RHSA-2020:3217
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3223 https://access.redhat.com/errata/RHSA-2020:3223
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3227 https://access.redhat.com/errata/RHSA-2020:3227
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:3273 https://access.redhat.com/errata/RHSA-2020:3273
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:3275 https://access.redhat.com/errata/RHSA-2020:3275
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:3271 https://access.redhat.com/errata/RHSA-2020:3271
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2020:3276 https://access.redhat.com/errata/RHSA-2020:3276
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:3274 https://access.redhat.com/errata/RHSA-2020:3274
Created grub2 tracking bugs for this issue: Affects: fedora-all [bug 1863021]