I'm pretty surprised that the other distros besides Ubuntu and Debian took at least 4 extra days to get these critical fixes published. But more than that, I'm terribly disappointed in the upstream handling of these problems. While blackhats following kernel development closely might be finding vulnerabilities, enabling any script-kiddie in the world to gain local root privileges is seriously irresponsible. These weren't unclear fixes; upstream knew these were critical issues, and they didn't bother to create a coordinated release with the distros, leaving Linux users vulnerable to the response times of their selected distro kernel teams.
If upstream had bothered to even suggest a 1-week embargo, every single distribution would have had updates ready, leaving the window of vulnerability to script kiddies closed. I think it's negligent that they don't even follow their own documented policies on disclosure. Since the issues were not public, they should have gone with a week:
Copyright © 2017, Eklektix, Inc.