As I understand it, Android was patched against the vulnerabilities, and until now they think that nobody was able to successfully exploit those vulnerabilities in Android in the past … which of course is not a very solid statement regarding the past 
.
Well, there is also this statement: “See the Google security blog for more details.”
And there you get:
Android
Devices with the latest security update are protected.
Furthermore, we are unaware of any successful reproduction of this vulnerability that would allow unauthorized information disclosure on ARM-based Android devices.Supported Nexus and Pixel devices with the latest security update are protected.
Further information is available here.
And this further information is …
Android
On the Android platform, exploitation has been shown to be difficult and limited on the majority of Android devices.
The Android 2018-01-05 Security Patch Level (SPL) includes mitigations reducing access to high precision timers that limit attacks on all known variants on ARM processors. These changes were released to Android partners in December 2017.
Future Android security updates will include additional mitigations. These changes are part of upstream Linux.
Now did they really patch LineageOS or just replaced the date in the code as found by @Ingo ?
Good question, I’m not a developer, I can only google stuff … I found this here …
https://cve.lineageos.org/android_kernel_fairphone_msm8974
… which looks pretty grim, but https://cve.lineageos.org/ at the same time states
Please note that the tracker needs to be manually updated by each device maintainer and it does not necessarily represent the real patch status of the kernel.
So you can’t go by that either.
@chrmhoffmann, can you help?