Hacker News

Wouldn't a crash or other problem in your program potentially corrupt e.g. the kernel tcp stack?


As the program and kernel run in a single address space, yes, there is no separation from your application corrupting parts of the kernel.

I'm not very convinced about the security story around unikernels, but for balance the other side of the argument is that there's much less code around in a unikernel - no shell, no command line tools at all, no compilers or interpreters, just the code required to run the program and talk to the hardware (real or virtual).


Wouldn’t directly linking system calls make every address space more unique and thus make it harder to write (generic) exploits for?


The typical problem is that you end up distributing (e.g.) Apache 2.4.99 compiled for Unikernel on x86-64 via Red Hat Network to a million customers and they're all running the same binary. ASLR helps here ...


With full privilege I think you could directly write to hardware DMA locations and look them up in the MMU, etc.



