to a large degree, just about any kind of kernel bug is a security issue; to a large extent that's just the nature/role of the kernel.
I know Spender does not really agree with how the kernel team handles these, but even Spender will likely agree with my first sentence.
GregKH and others handle it by saying "you really should be updating, because we don't know beforehand which of these bugfixes will have an exploit developed". They do not say "the planet is on fire" kind of thing. But the final thing is the same, you SHOULD update.
BTW, this also shows the danger of running older kernels, even if someone is backporting things for you; this bugfix might not have been picked up for backporting because there was no CVE for it.... this one got found and CVE'd so it'll be backported. But there are likely dozens similar changes with similar exposure for which no public exploit exists *yet*.