Joanna argues that most of the attacks presented indeed require that the attacker first gains access to the Dom0 before he can launch the attacks but that doesn’t take away the severeness of the issues.
Other rootkits also require for the attacker to first gain root access before he can hide his toolset from the eyes of the administrator.
She continues to argue that other attacks already provide people with potential access from DomU to Dom0 via a virtual machine escape bug
But even there the attacker first has to gain root in the DomU before he can potentially climb up to Dom0
Still there’s a significant difference in gaining (root) access, and hiding the fact that you got it. But indeed neither of both should be possible