This is fine, but not an answer to the actual question of whether Tesla is still shipping 2.6.36 on a Model S's Parrot system today. Parrot-the-company could have given an updated kernel in the year or so since the vulnerability was reported, or like you say Tesla could have taken on the mammoth task of maintaining an out of tree arch port themselves. It would be useful to know whether this happened, since if it's still running 2.6.36 it would be reasonable to consider the devices as extremely vulnerable in the wild today.
> but an upgrade from 2.6 to say even 4.4 is entirely out of the question
We did this kind of transition at OLPC ten or so years ago, helping Marvell upstream enough of their arch support code for a new ARM SoC to move us from their private 2.6 branch to latest public upstream (including the move to device tree), and with only a few kernel engineers working on it. Tesla surely has many times more resources; it's not entirely out of the question, but it's true that it's probably not economical for a minor support chip. Although, it's the minor support chip that's connected to the outside world..
> but an upgrade from 2.6 to say even 4.4 is entirely out of the question
We did this kind of transition at OLPC ten or so years ago, helping Marvell upstream enough of their arch support code for a new ARM SoC to move us from their private 2.6 branch to latest public upstream (including the move to device tree), and with only a few kernel engineers working on it. Tesla surely has many times more resources; it's not entirely out of the question, but it's true that it's probably not economical for a minor support chip. Although, it's the minor support chip that's connected to the outside world..