Actually there are several different things working in concert here.
1) The ability to mmap adress 0
2) Code which knows how to escalate privileges of an entire process if run in kernel space.
3) A kernel module which intentionally calls a bad pointer, to illustrate the point.
3 by itself is not a vulnerability. In fact, it is by itself just a stupidly written peice of code, the real vulnerability is in 1 & 2 which take advantage of a vulnerability in null pointer handling.
In fact, even if I didn't know anything other than 1 and 2, It is possible to start fuzzing syscalls until I accidentally cause one to dereference a null pointer, in which case it is game over.
Edit: another way to say this is: Kernel null pointer vulnerabilities are a class of vulnerability, much like buffer overflows are a class of vulnerability. Even if there is just a toy example of the exploit in an article, it doesn't change the concept. Much like the classic "Smashing the stack for fun an profit"
Still, the title can be misinterpreted. The vulnerability being used is not a "real one" but one injected by a kernel module.