Missing fixes are hard to detect, one must not use these dangerous kernels
I'm not denying Jiri's massive amount of testing, but testing for absence of regression doesn't mean testing for lack of known bugs. The SOLE purpose of LTS kernels is to provide fixes for all known bugs. It should be seen as a collection of fixes. Whenever you skip a fix from a stable branch to maintain your own, you're in fact keeping a bug that was already fixed in -stable. This is almost undetectable, unless, of course, you know how to test all bugs. But given that reporters themselves don't always know how to test them and only rely on long observation, you cannot verify that you have all the needed fixes.
So please, distro vendors need to really stop this madness of reinventing a parallel maintenance effort that does not involve users. This huge amount of work would be so much better spent testing LTS kernels! And this particular vendor got caught in the past with a severe local vulnerability (local privilege escalation IIRC) that had been fixed in mainline and stable something like two years earlier but was still present in their kernel, as it had not been identified as needed.
Sure, stable and LTS kernels occasionally regress. When they do so, they're immediately reverted. Nobody's asking vendors to ship the very latest patch; it's perfectly fine if they emit one release out of 5 after much longer testing. But it's really important that they closely follow the stream of fixes that go into mainline and -stable. And if they're doing the backport themselves, considering how many times a subsystem maintainer disagrees with a backport and proposes another one, that's a luxury they don't have here, and they probably keep a list of incorrect or incomplete backports without knowing. I'm still really, really irritated whenever I see non-LTS kernels on LTS distros. This definitely does not contribute to the perception of Linux's quality or security in the field.