Comment by Rygian
7 months ago
Security, as the reunion of Confidentiality, Integrity, and Availability (CIA), definitely includes vulnerabilities where a malicious user can trigger a kernel panic, as it impacts Availability directly, and potentially Integrity as well in an indirect way.
The distinction you make is a separate step down the line: you do a risk assessment and decide that, in your particular context, a specific vulnerability is not a threat worth defending against.
For that same vulnerability, others will reach different conclusions in their respective risk assessments.
That doesn't make it any less of a vulnerability.