kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

Reference: https://www.openwall.com/lists/oss-security/2021/07/06/3
Upstream patch: https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1980070]
Fedora enables MODULE_SIG so should not be vulnerable to this. The patch is included in the stable update 5.12.14 for Fedora, so users building their own configs should be covered there as well.
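
A check for the mismatch described in this report, written as an added example (it is not part of the bug report or the kernel tree): given a kernel .config and a boot command line, it reports whether module.sig_enforce is requested on a build that has no CONFIG_MODULE_SIG. The function names, result labels and sample inputs are constructed for illustration; CONFIG_MODULE_SIG_FORCE is the kernel's build-time enforcement option and is not mentioned in the report.

```shell
#!/bin/sh
# Added example: classify module signature enforcement from a kernel
# .config and a boot command line.
# usage: audit_sig_enforce CONFIG_FILE CMDLINE_FILE
audit_sig_enforce() {
    config=$1
    cmdline=$2
    have_sig=0 forced=0 requested=0

    # Exact-line matches: "# CONFIG_MODULE_SIG is not set" and
    # CONFIG_MODULE_SIG_ALL=y must not count as CONFIG_MODULE_SIG=y.
    if grep -qx 'CONFIG_MODULE_SIG=y' "$config"; then have_sig=1; fi
    if grep -qx 'CONFIG_MODULE_SIG_FORCE=y' "$config"; then forced=1; fi

    # One token per line, then look for the parameter being switched on.
    # Assumption: bare, =1, =y and =Y are the enabling spellings checked.
    if tr -s ' \t' '\n\n' < "$cmdline" |
        grep -Eqx 'module\.sig_enforce(=(1|y|Y))?'; then
        requested=1
    fi

    if [ "$have_sig" -eq 1 ] && { [ "$forced" -eq 1 ] || [ "$requested" -eq 1 ]; }; then
        echo enforced
    elif [ "$requested" -eq 1 ]; then
        # The case in this report: the argument is present, but no
        # signature verification is built into the kernel.
        echo requested-without-module-sig
    elif [ "$have_sig" -eq 1 ]; then
        echo signing-built-not-enforced
    else
        echo not-requested
    fi
}

# Constructed sample inputs (not taken from any real host).
run_constructed_samples() {
    d=$(mktemp -d)
    printf '%s\n' '# CONFIG_MODULE_SIG is not set' 'CONFIG_MODULES=y' > "$d/nosig"
    printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_MODULE_SIG=y' > "$d/sig"
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro module.sig_enforce=1' > "$d/cmd"
    audit_sig_enforce "$d/nosig" "$d/cmd"   # build without CONFIG_MODULE_SIG
    audit_sig_enforce "$d/sig" "$d/cmd"     # build with CONFIG_MODULE_SIG
    rm -rf "$d"
}

# Run against real files when two arguments are given.
if [ "$#" -eq 2 ]; then audit_sig_enforce "$1" "$2"; fi
```

On a running system the two inputs are typically the installed kernel's config file and /proc/cmdline.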