Note that not all vulnerabilities are/can be patched by LineageOS, regardless of what the security patch level claims. Your device maintainer needs to actively merge patches into the kernel/device (see [0], note that this list relies on maintainers to update it). In addition, binary blob firmware needs to be patched by the manufacturer (e.g. Broadcom wi-fi exploits), which won't happen for devices that are out of support.

[0] https://cve.lineageos.org/kernels

My five-year-old Samsung S3 for Verizon stopped receiving updates less than 2 years after its release. The bootloader is locked tight, so I am unable to install any custom ROMs such as Lineage OS.

My phone screen was eaten alive by fungi last week, so I had a look at the field to pick a new device. Discovered Lineage OS, super keen. Unfortunately, its device support is crap.

Guess I'll have to look at upgrading my diehard old Moto G. It's still on Android 5.1.1.

Meanwhile I guess disabling WiFi is a mitigation?

> Meanwhile I guess disabling WiFi is a mitigation?

That's a good question. If it's disabled in firmware and not actually powered down, it might still be susceptible.