Even if there is a vulnerability, there is no way to steal and send that data to wherever it's supposed to go without networking.
Depends on your setup. If you're using an air-gapped device that makes no use of random number generation, then the attacker can't take advantage of it to sign with insecure k-values (as an example). Transactions are signed using the RFC 6979 which doesn't generate random k-values. You would also need to use dice or coin to generate the entropy of your wallet. In that case, and by
assuming the OS does not hide any backdoors for the specific type of wallet software you will use, then it's safe to assume you'll be fine.
If you connect USB devices to it to transfer PSBTs, I doubt a malware can be that good to transfer your data to the USB device and then wait for you to connect it to an online machine to transfer the information over the internet.
It sounds pretty difficult to bypass all those linux protection mechanisms, and install a program which will do that, but if you don't do it you will be 100% you cannot fall victim for that either.