> If your kernel was built between 2017 and the patch

This is why I compile my own kernel. I disable things I don't use. If it's not present it can't hurt you.

> block AF_ALG socket creation via seccomp regardless of patch state.

Likewise I use seccomp to only allow syscalls that are necessary. Everything else is disabled. In the programs I have that need to connect to a backend socket, that is done, and then socket creation is disabled.