*What is YOUR source for this. Do you even have one?*
THE PAPER THAT WAS SUBMITTED. They are very open about the *incredibly* narrow known threat model (basically ASLR pointer obscuring *in the same process*), albeit -- as all papers do -- opining that maybe there is something worse that could be done. These sorts of security papers come out by the dozen per year, and generally no, there isn't any further risk, and the latent risk is negligible to irrelevant.
To be clear, when security researchers are pitching a novel vulnerability, the foundation of their claim is a proof of concept, because the chasm between "well it could...." and the actual can be enormous. No proof of concept. Not even a vague inclination of the knowledge of how to make a proof of concept. And this issue has been very widely disseminated, every hacker group pounding on Augury -- theoretically it is trivial to exploit on an array of pointers -- and no one else has a proof of concept yet. Weird, right?