Doesn't this require two-way dataflow between the air-gapped computer(s) and the "primary host"?
Edit: in other words, you would have to 1) plug a USB drive into the "primary" host and then plug the same drive into an air-gapped computer, and 2) take a USB drive that was plugged into the air-gapped computer and plug it back into an internet-connected computer. Plus, all computers in the dataflow above must be running Windows, right?
Sure. But "plenty" is not equivalent to "so cheap and so powerful that a well-funded state actor would automatically design every targeted exploit package to be cross-platform." At least this particular case suggests that is probably not the case.
Keep in mind from the article that the user must browse the files in the GUI for the exploit to work. I doubt Windows and the set of the most commonly used Linux GUI file browsers all have "plenty" of 0 days to exploit for this same purpose. Or, if they do, it's going to cost substantially more money to find them, test them, and package them up.
On an unrelated note, I agree-- the Linux kernel probably has plenty of 0 days to exploit.
Edit: in other words, you would have to 1) plug a USB drive into the "primary" host and then plug the same drive into an air-gapped computer, and 2) take a USB drive that was plugged into the air-gapped computer and plug it back into an internet-connected computer. Plus, all computers in the dataflow above must be running Windows, right?