Your "cellular phone" does not in fact have "full root memory access 24/7". In modern phone designs, the baseband is a USB peripheral. The notion that the closed, secret baseband is a DMA backdoor into AP memory is a message board meme, not engineering reality.
Qualcomm alone covers 40%, and they're arguably the most likely to correctly implement their MMU (nevermind they've seen quite a few vulnerabilities in their MMU implementations over the years..)
Meditek uses a similar architecture, and I sure as hell don't trust their MMU.
Outside of Apple, Librem and Pine are just about the only way you're getting a USB attached baseband.
You start off trying to claim the entire class of vulnerability isn't possible because a few vendors made sane architectural decisions. When it's pointed out those sane vendors are in the minority, and there are real world examples of the terrible shared memory architecture being exploited, you scoff at the example being for a single device.
Nobody is claiming baseband == root, only that the terrible architecture prevalent in Android phones (the devices that make up the majority of the market) combined with the terrible software practices of SoC vendors results in a situation far more likely to be exploitable than shunting the baseband off on a non-dma capable bus.
Let that sink in a bit.