
The Linux kernel team gets 60 logged reports of security vulnerabilities each week, according to longtime developer Greg Kroah-Hartman. He ought to know; he is the point of first contact for such reports, according to <https://www.zdnet.com/article/the-linux-security-team-issues-60-cves-a-week-but-dont-stress-do-this-instead/>.

On the bright side, most of them will likely not affect you. The total kernel source tree is up to 38 million lines of code, and your typical OS installation uses only a small fraction of that. To quote GregKH: “Your phone, the most complex beast out there, uses about 4 million lines of code”.

They don’t take their time about dealing with vulnerabilities, either: This crew doesn't take embargoes or use pre-announcements. Why not? Because they believe -- with reason -- all these approaches do is lead to information leaks. Instead, they aim to get fixes out to users as quickly as possible. Typically, this is done within a week of having a patch available. This approach ensures that users are promptly notified of security issues and can update their systems accordingly.

Another GregKH quote: “If you're not using the latest stable/long-term kernel system, your system is insecure”. Which means you need to do a kernel update just about every week. The thing is, Kroah-Hartman said, "We have proof this can be done. Debian runs over 80% of the world's servers and they're using stable kernel updates. Android, billions of devices out there, takes every stable kernel update on a couple months lag, but they're doing it and keeping their devices secure. There's nothing more complex than embedded into the system, and there's nothing more common and easy to use than a Debian server."
Participants (1): Lawrence D'Oliveiro