>>exploits for old Android phones (nothing above Android 4.1),
These documents do not come with time stamps. That particular document is likely several years old, even though the release for this is dated in 2016. Further, while Android 4.x does have unpatched remote code execution vulnerabilities, that does not mean that the vunerabilities that were listed in what has been released so far have been patched. We have not seen any code related to the exploits, only the version for which it was written and what category it falls under. (As well as where it was aquired from, but lets not stray into the political.) It also does not indicate that the CIA does not have other, unlisted vulnerabilities. Further, 4.1 is not the only version listed. There are references to 4.4.4. Not every exploit has a version tag. Many are hardware specific attacks, and could theoretically still be vulnerable even after an OS update. Ref: https://wikileaks.org/ciav7p1/cms/page_11629096.html
Further, at the time, all requests they had were for android 4 devices. Ref: https://wikileaks.org/ciav7p1/cms/page_34832386.html
Note the date for this document is November 2015. Fully a year after Lolipop went live. At the time, the only burner phones you could pick up were old devices.
>>exploits in UEFI that require physical access,
Vulnerabilities that require physical access should not be excluded. There is plenty of evidence that government agencies have intercepted devices in route and planted malware.
>>kernel exploits in Linux/OSX that have or are in the process of being patched out,
Again, many of the documents that have been released so far are older than what one would expect. While some of the documents are more recent, many of them are years old. Also, "in the process of being patched out" means they are still vulnerable.
>>exploited IoT devices and smart TVs
This is the one everyone latches on to. While sure, you have not been singled out for surveillance (probably), if this vector has been automated, and based on the info we have on HIVE and FINEDINING it likely is, it's possible ALL Samsung TVs are compromised and ALL audio is being transcribed and stored.
>>The NSA contained more widespread and arguably more dangerous tools.
The NSA cast a wider net, but there were no 0day exploits or other tools explicitly disclosed. They attacked via ISP at the transport layer, in a passive manner. What the CIA is doing is active penetration. Further, the CIA compromised national security by allowing these tools to fall into unknown and/or irresponsible hands, which could, by conjecture, fall into the wrong hands. That is the biggest, most important take away from this. The most dangerous government agency in the world lost control of the most dangerous arsenal in the world, and didn't do anything to resolve that dilemma, lest they loose a few cool toys they have grown fond of.
Another important takeaway that I'm not seeing be discussed is UMBRAGE, providing agents to frame other hackers for their actions. This is exactly why it's so hard not to talk about the politics surrounding this, as politics are intertwined with the focus and capabilities of these tools.