Greetings and welcome to the forums.
Rocky is sticking to the promise to stay 1:1 with RH. Alma has made the choice to go a different path.
Thus, it is important to see what RH is doing to know if Rocky will get the patch. It seems they’ve classified it as “not affected” but I don’t understand their logic. This has nothing to do with the kernel but rather the linux-firmware and microcode packages.
https://access.redhat.com/security/cve/cve-2023-20593
However, there are active discussions on the bug report for it:
https://bugzilla.redhat.com/show_bug.cgi?id=2217845
If RH patches upstream, then Rocky will publish the patch as well.
Hope that helps.