The kernel can be maintained, the issue isn't the open source elements it is the firmware/drivers for the hardware itself that are left vulnerable. Any device not recieving regular firmware/driver updates should ever be seen as secure.