The whole issue is that these fixes are silently introduced in the upstream kernel, with no mention of any security impact. Thus they don't get backported into distro kernels, or publicly announced as security issues at all.

You'd have to be at the latest upstream kernel to avoid this, not at whatever your distro considers "their kernel with latest security updates" unless the two are identical.

However, that comes with its own issues, obviously.

In any case, you should take other measures if you actually have a threat model where you might be targeted by an advanced attacker. Grsecurity, syscall lockdown for untrusted processes, etc.

All mainstream OS kernels today are pretty weak once an attacker can run code on the system.
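The "syscall lockdown for untrusted processes" mentioned above is, on Linux, a seccomp-BPF filter. The following is an added example and is not code from the original comment: it builds a small syscall allowlist (the policy here, write/exit/exit_group only, is a constructed demo choice), includes a tiny userspace evaluator for the LD/JEQ/RET subset so the filter's decisions can be checked before it is installed, and then installs it on itself. It assumes Linux on x86_64 or aarch64 with seccomp filter support; the function and macro names are this example's own.

```c
/* Added example (not from the original post): a minimal seccomp-BPF
 * syscall allowlist plus a userspace evaluator. Linux only; assumes
 * x86_64 or aarch64. Names below are this example's own. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL   /* older headers */
#endif

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Layout: kill if the ABI is not the native one (so a 32-bit syscall
 * numbering cannot be used to sidestep the list), jump to ALLOW on any
 * listed syscall number, otherwise fail the call with EPERM.
 * Returns the instruction count, or 0 if cap is too small. */
size_t build_allowlist_filter(struct sock_filter *prog, size_t cap,
                              const int *allowed, size_t n)
{
    size_t len = n + 6, i, pc = 0;
    if (cap < len || n > 250) return 0;           /* jt is an 8-bit offset */
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                              offsetof(struct seccomp_data, arch));
    prog[pc++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0);
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                              offsetof(struct seccomp_data, nr));
    for (i = 0; i < n; i++)   /* jt lands on the final ALLOW instruction */
        prog[pc++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                  (uint32_t)allowed[i], (uint8_t)(n - i), 0);
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                              SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return pc;
}

/* Evaluate the filter as the kernel would for the opcodes used above;
 * anything else fails closed. Returns the SECCOMP_RET_* value. */
uint32_t eval_filter(const struct sock_filter *prog, size_t len,
                     const struct seccomp_data *d)
{
    uint32_t acc = 0;
    size_t pc = 0;
    while (pc < len) {
        const struct sock_filter *ins = &prog[pc++];
        switch (ins->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const char *)d + ins->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == ins->k) ? ins->jt : ins->jf;
            break;
        case BPF_RET | BPF_K:
            return ins->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Constructed demo policy: only write, exit_group and exit are permitted. */
static const int demo_allowed[] = { __NR_write, __NR_exit_group, __NR_exit };
#define DEMO_N (sizeof demo_allowed / sizeof demo_allowed[0])

/* What the demo policy decides for syscall nr under the given ABI. */
uint32_t demo_action(int nr, uint32_t arch)
{
    struct sock_filter prog[16];
    struct seccomp_data d;
    size_t len = build_allowlist_filter(prog, 16, demo_allowed, DEMO_N);
    memset(&d, 0, sizeof d);
    d.nr = nr;
    d.arch = arch;
    return eval_filter(prog, len, &d);
}

/* NO_NEW_PRIVS first, so an unprivileged process may install the filter. */
int install_demo_filter(void)
{
    struct sock_filter prog[16];
    struct sock_fprog fprog;
    size_t len = build_allowlist_filter(prog, 16, demo_allowed, DEMO_N);
    if (!len) return -1;
    fprog.len = (unsigned short)len;
    fprog.filter = prog;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(void)
{
    char msg[64];
    long rc;
    int n;
    if (install_demo_filter() != 0) {
        write(2, "seccomp install failed\n", 23);
        return 1;
    }
    write(1, "filter active\n", 14);        /* write(2) is on the list */
    rc = syscall(SYS_getpid);               /* getpid(2) is not: -1, EPERM */
    n = snprintf(msg, sizeof msg, "getpid -> %ld (errno %d)\n", rc, errno);
    write(1, msg, (size_t)n);
    return 0;
}
```

The evaluator is what makes the policy testable: a denied syscall is checked by return value rather than by watching a sandboxed process die, which is the usual way to review such a filter before deploying it to a real untrusted worker. Returning EPERM rather than killing is a design choice for the demo; a production filter for genuinely untrusted code would normally kill on unexpected syscalls so failures are loud.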

