udisks, not counting its dependencies, has 265,334 LoC. pmount, in contrast, has 19,978 LoC, or >13x less.

sudo, another setuid binary with a lot of policy code, has 210 CVEs / 430.150 kLoC = ~0.5 CVE per kLoC.

57.5% of CVEs have a CVSS >= 7, so 0.5 * 0.575 = 0.2875 CVE7/kLoC.

As a back-of-envelope estimate,

  udisks: 0.2875 CVE7/kLoC * 265.334 kLoC = ~76.28 critical CVEs;
  pmount: 0.2875 CVE7/kLoC * 19.9780 kLoC = ~5.7 CVEs.