Actually there are several different things working in concert here.
1) The ability to mmap address 0
2) Code which knows how to escalate privileges of an entire process if run in kernel space.
3) A kernel module which intentionally calls a bad pointer, to illustrate the point.
3 by itself is not a vulnerability. In fact, it is by itself just a stupidly written piece of code; the real vulnerability is in 1 & 2, which take advantage of a vulnerability in null pointer handling.
In fact, even if I didn't know anything other than 1 and 2, it is possible to start fuzzing syscalls until I accidentally cause one to dereference a null pointer, in which case it is game over.
Edit: another way to say this is: Kernel null pointer vulnerabilities are a class of vulnerability, much like buffer overflows are a class of vulnerability. Even if there is just a toy example of the exploit in an article, it doesn't change the concept. Much like the classic "Smashing the Stack for Fun and Profit".