I'm not disagreeing with you. That said, Stuxnet was built by a state actor with the motivation to target nuclear industrial equipment, not your media server's Ryzen 3000. It would be an hell of a lot of motivation without obvious payoff to use this vulnerability to, say, make nastier ransomware or steal crypto. The novelty of this exploit is the durability of it (persisting beyond a full wipe), which isn't something your garden-variety malware needs to extract value. If you have ring0, you already won.
If you're a person who needs to be careful about this sort of stuff (e.g., you're Edward Snowden or run Iran's nuclear program), you hopefully are already paying attention. If you are a mere muggle like the rest of us, the risk is probably not high enough for you to get upset.
I don’t think it’s so crazy to think about the fact that tools like this can be both used by, _and designed for the use of_ state actors, whether in actions against other governments or troublesome individuals — for example, Pegasus is not only for state actors.
If you're a person who needs to be careful about this sort of stuff (e.g., you're Edward Snowden or run Iran's nuclear program), you hopefully are already paying attention. If you are a mere muggle like the rest of us, the risk is probably not high enough for you to get upset.