Well, that is the thing.
Check Android October's 2022 security bulletin report: https://source.android.com/doc...
Let's look at CVE-2022-25718 under Qualcomm closed-source components.

Then Google that CVE and you get, https://cve.mitre.org/cgi-bin/...
which states:

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Then go to the QC relevant bulletin to find the CVE: https://docs.qualcomm.com/prod...
And you will see that it falls under Proprietary Software Issue, and there is no patch available. So the all device with affected component running code earlier than the one stated has a known public vulnerability.

How does it help to have driver portability? or to have latest Android?

I do not understand how people is missing this aspect all the time. LTS versions and regular updates are mostly available to patch "running working systems" with problems, and these can be functional or security problems. "Drivers" or rather modem OS and such on Android are closed sourced and are vulnerable to multiple attacks as soon the device is dead to the manufacturer, which is ~2 years on average for all devices. Despite the community efforts, the device will never be completely secure. Newer Android version, sure. But the bug on that modem of that chipset will never be fixed. The mobile world really sucks, you are forced to buy a new device ever ~3 years, my 2cents.