The Linux project's view is that almost all kernel bugs are security vulnerabilities. They don't treat something like this as anything special.

I can understand that PoV, but it doesn't fit with distributions' approach to security. So, in practice, one has to reach out to distributions individually, or use distros lists on openwall.org to coordinate with all distros.