The good news is that in order to exploit the new vulnerability, the attacker first has to obtain kernel level access to the system somehow - by exploiting some other vulnerabilities perhaps.
The bad news is once Sinkclose attack is performed, it can be hard to detect and mitigate: it can even survive an OS reinstall.
I’m running Arch on my RPI 4b+ and quite happy with it.
The installation was pretty simple IIRC - I did run into some issue with uboot which was easily solved by searching for the error on the internet.
Arch Linux ARM ships with a mainline aarch64 kernel and uboot by default, but if you are interested in running the RPI kernel and their boot loader, there’s a custom pacman repo and instruction on the forums: https://archlinuxarm.org/forum/viewtopic.php?t=16144
All in all I don’t think arch needs that much maintenance on a non-critical home server - just make sure to check for config updates every now and then and reboot after kernel upgrades.
From https://www.cloudflare.com/products/tunnel/