And QubesOS isnt based on linux kernel. It uses Xen. Linux is used in the Qubes aka VMs.
The dom0 is very much running a Linux kernel, the same way your domU:s are typically running Linux kernels (although you could probably run any kernel in hvm mode).
As an example, here is the documentation on how to manage updates for the dom0 kernel:
https://www.qubes-os.org/doc/how-to-install-software-in-dom0/#kernel-upgrade
They went crying about WPEngine having found a good business model around Wordpress support, and started sabotaging for them.
https://www.theverge.com/2024/10/2/24260158/automattic-demand-wp-engine-revenue-wordpress-battle
Looks like they lost in court a few days ago!
https://www.theverge.com/2024/12/10/24318350/automattic-restore-wp-engine-access-wordpress
CPU vulnerability mitigations would typically be distributed with the
intel-microcodepackage for Intel processors on Debian-based distributions, for example.