It's very simple, Eric is just feigning ignorance here (or is seriously
deluded) so as to give credence to Linus' belief that security bugs are no
different or more important than regular bugs.
If you had read http://lkml.org/lkml/2008/7/17/94, you'd have seen the PaX
team describe security bugs as:
"anything that breaks the kernel's security model. privilege elevation
Sound not working is not a violation of the kernel's security model.
For another example, BUG()s which occur without any locks held that simply
cause nothing other than the process attempting an exploit to be terminated
are also not a violation of the kernel's security model. No privilege is
gained and the system remains fully available.