>All distro's shipping a major kernel version from more than a year ago -- and that includes all LTS kernels -- are vulnerable, regardless of how "timely" their patch schedules follow upstream

To be fair, I question the wisdom of managing kernels like that across all distros.