In what cases it's not?

In the referenced case the introduced error involved a reference to a null pointer but there was still no exploitable security hole. The exploit was enabled when the compiler removed an explicit check. The null dereference was an error, but it was not a security issue on its own.

Why didn't the kernel panic when it tried to access NULL?

Why is a compiler writer attempting to legislate the kernel address space?

Give me a break. The kernel developers know C. They know what "undefined behavior" means.