My thought was mostly that this kind of invasive third party and closed source kernel module security wouldn’t have been necessary. But I’m pretty sure rollbacks can include kernel changes in a previous image.

Hey man, let us have this one. Any immutable/atomic distribution could have either prevented this or easily rolled back the update. Not to mention a Linux offering by something like Red Hat, for example, wouldnt recommend installing closed source third party kernel modules for exactly this reason. Not sure about the feasibility of these endpoints, but the way things are generally done on, and the philosophy of, Linux could very well have avoided this catastrophe.