So this security firm didn't notify distro maintainers about the vulnerability or check if distros got the fix. That's not their job. Literally thousands of projects incorporate the Linux kernel. The ...