Yes, but not everything is possible:
“DivestOS 14.1/15.1/16.0/17.1/18.1, based on Android 7/8/9/10/11 respectively, are END OF LIFE and receive patches on best effort basis”
That means also if e.g. the security update states August there are missing patches.
Android 18.1 / 11.0 / R EOL! 2024-02, ASB:LOS: 2024-02, ASB:DOS: 2024-08*
“Asterisk* denotes known missing patches”
Beside that, I think the initiator / team / contributers behind DOS are doing a great job, also regarding their automated kernel CVE patching e.g. for the FP2 Kernel 3.4.113 + 387 patches
Also worth noting:
"The kernel also sports many built-in security features, that most devices actually have disabled! We created a tool that automatically enables as many of these security features as possible. This is an easy way to have a noticeable increase in security with minimal effort. "
TL;DR:
Takeaway 3
“While newer kernels provide more defenses, a v3.10 kernel with all available defenses enabled would mitigate more exploitation flows than 38.1 % of vendor-supplied kernels.”
“Second, as emphasized in Takeaway 3, susceptibility extends beyond mere kernel version correlation. Even the deprecated kernel v3.10 (released about ten years ago) would mitigate more one-day exploitation flows, if properly configured, than 38.1 % of vendor firmwares. Huawei underscores this statement with their v5.4.86 kernels, nearly twice as bad as the properly configured v3.10. This lack of proper configuration appears prevalent across multiple vendors. Hence, the second potential contributor is a lack of importance regarding security-relevant features for the Android kernel.”
In general recommended Kernel security Settings