A flaw was found in how the Linux kernel handled ACPI table loading through an EFI variable (and the related efivar_ssdt boot option) when the kernel was locked down. This flaw allows a privileged (root) local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
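A local check for the condition this advisory describes, added here as an example (not Red Hat's or the kernel project's code): it reads the kernel command line and the securityfs lockdown file and reports whether lockdown is active while `efivar_ssdt=` is set. The verdict words and the `CMDLINE_FILE` / `LOCKDOWN_FILE` override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether this boot matches the condition in the
# advisory (lockdown active while efivar_ssdt= is on the kernel command line).

# Print the active lockdown mode. The securityfs file lists every mode and
# brackets the active one, e.g. "none [integrity] confidentiality".
lockdown_mode() {
    if [ ! -r "$1" ]; then
        echo "unavailable"      # kernel built without lockdown, or no securityfs
        return 0
    fi
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1" | head -n 1)
    echo "${mode:-unknown}"
}

# Print the EFI variable name passed via efivar_ssdt=, or nothing if absent.
efivar_ssdt_name() {
    [ -r "$1" ] || return 0
    tr ' \t' '\n\n' < "$1" | sed -n 's/^efivar_ssdt=//p' | head -n 1
}

# Combine both facts into a one-word verdict (verdict names are this
# example's own): $1 = command-line file, $2 = lockdown file.
assess() {
    mode=$(lockdown_mode "$2")
    name=$(efivar_ssdt_name "$1")
    case "$mode" in
        integrity|confidentiality)
            if [ -n "$name" ]; then echo "REVIEW"; else echo "OK"; fi ;;
        none) echo "NOT_LOCKED_DOWN" ;;
        *)    echo "UNKNOWN" ;;
    esac
}

# Default to the live system; override the paths to test against saved copies.
assess "${CMDLINE_FILE:-/proc/cmdline}" \
       "${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"
```

A `REVIEW` result means the boot requested an SSDT from an EFI variable while locked down; confirm the running kernel includes the fix commit listed in the references below.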
bugzilla.redhat.com/show_bug.cgi?id=1852942
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aab883643b8dae06e
git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh
lore.kernel.org/linux-efi/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2019-20908
www.cve.org/CVERecord?id=CVE-2019-20908
www.openwall.com/lists/oss-security/2020/06/14/1