I have no problems tethering with my Samsung Galaxy out of the box. No root access required, no special applications. It provides a serial (over USB) interface to its internal modem, just point pppd to the proper device and it works.
(To enable it: Settings -> About phone -> Additional settings -> deselect "Mass storage only")
The description given by SANS is a bit misleading. What I believe is happening is:
Since point 2 is mostly true, the compiler is not completely wrong to assume point 3
As Spengler says, a bigger problem is that loading SELinux (or, it looks like, most other security modules) causes the NULL dereference protection to be disabled.
The bigger the theory the better.