Re: "there's still some dangerous stuff you can do"
Is there something more dangerous you can do from a busybox shell on the boot partition, than a full Linux system on a thumbdrive?
My point is that this "vulnerability" is not new, it has absolutely nothing to do with escaping the init script, and it certainly doesn't warrant a CVE report, unless the reporter is claiming to have only just discovered that unencrypted filesystems are (shock!) vulnerable to direct access, where the init shell is only one point of access, and not even the most useful, from a hacker's perspective.