I'm puzzled ... I can understand why the BLE drivers would still require a firmware update (and that is fine since drivers for older hardware shouldn't be much of a problem), but why wouldn't all of the Framework vulnerabilities be handled via Play Store updates. I believe that all of the Framework is updatable in this way. Perhaps it's because that is not true of Android 10 so they need to address it in a firmware update anyway?
Well, yes, I have to agree. See the other comment I just posted. My understanding is that they are at the point (at least now with Android 13, which is what the Nokia will presumably ship with) that they can update most of userland (and even graphics drivers though that requires vendor participation), so they should be able to address Framework vulnerabilities, which is the critical discrepancy here.
How do I determine which, if any, of these is fixed via the Play store update mechanism?