Hacker News

That doesn't sound like an accurate portrayal of the article at all. "Kernel Read-Only Primitive" and "Kernel Write-Only Primitive" are vague, but as far as I can tell, "SWAPGS", "BadIRET", "SysRet", and "Pop SS" are in core kernel code which cannot be configured out with Kconfig. CVE-2017-5123 is in waitid, which I believe cannot be configured out, and CVE-2017-1000112 is in TCP, which can be disabled, but is virtually never done. I don't think anything in this article talks about exploits from kernel modules. In fact, according to the article, LKRG can be trivially disabled from root by simply running "rmmod p_lkrg".


