Short version: A bunch of shitty companies have as business model to sell open databases to companies to track security vulnerabilities - at pretty much zero effort to themselves. So they've been bugging the kernel folks to start issuing CVEs and do impact analysis so they have more to sell - and the kernel folks just went "it is the kernel, everything is critical"
tl;dr: this is pretty much an elaborate "go fuck yourself" towards shady 'security' companies.
Don't have links anymore, but few months ago I came across some startup trying to sell AI that watches your production environment and automatically optimizes queries for you.
It is just a matter of time until we see first AI induced large data loss.