I don't think you understand what's going on. A kernel-side null-pointer dereference is normally a denial of service, but this article explains how to convert it into privilege escalation.
Using a kernel module with the bug in it lets the article talk about that particular transformation, without emboldening a bunch of script kiddies with a new rootme script. You can of course replace that kernel module with any null-pointer dereference you happen to notice in the kernel changelog.
Actually there are several different things working in concert here.
1) The ability to mmap adress 0
2) Code which knows how to escalate privileges of an entire process if run in kernel space.
3) A kernel module which intentionally calls a bad pointer, to illustrate the point.
3 by itself is not a vulnerability. In fact, it is by itself just a stupidly written peice of code, the real vulnerability is in 1 & 2 which take advantage of a vulnerability in null pointer handling.
In fact, even if I didn't know anything other than 1 and 2, It is possible to start fuzzing syscalls until I accidentally cause one to dereference a null pointer, in which case it is game over.
Edit: another way to say this is: Kernel null pointer vulnerabilities are a class of vulnerability, much like buffer overflows are a class of vulnerability. Even if there is just a toy example of the exploit in an article, it doesn't change the concept. Much like the classic "Smashing the stack for fun an profit"
Using a kernel module with the bug in it lets the article talk about that particular transformation, without emboldening a bunch of script kiddies with a new rootme script. You can of course replace that kernel module with any null-pointer dereference you happen to notice in the kernel changelog.