The 2003 buffer overflow bug example is an interesting case. Has it been around that long simply because it can’t really be exploited for profit? Or, in other words it’s sort of like the enigma code break situation: use it and you may lose it.
That’s not to say it is entirely useless to have a buffer overflow with no control of the content. If there are a lot of these bugs sitting around accumulating over a decades you could have had an automated exploitation checker run on each release of the kernel to find a “profitable” one. Profitable in the sense that it may do nothing but crash the system but if you want to crash somebody’s system at an opportune moment you can possibly short sell etc.