This is one bug in a very old/stable piece of code. The time to investigate all of the security implications of it is relatively small. Now multiply this by the number of versions of the Linux kernel that are "supported" and by the rate of change of that code. The Linux kernel developers would spend all of their time investigating possible security implications of bugs instead of fixing them.
Running any kernel that you've just downloaded from kernel.org is inherently risky - we all know that (or should). That's why we have Debian/RedHat/SuSE/etc.
Linus and friends are not your personal security risk assessment team.