Hacker News
Kuser_shared_data (Windows Data Structure) (geoffchappell.com)
26 points by userbinator on Oct 12, 2022 | 3 comments



Note that this particular memory is often used by kernel exploits to store their shellcode. Its memory address is stable across different Windows versions, the pages used to be executable, it's a huge address space, and it is seldom used for anything.

Even in the latest version, if you can get around SMEP and toggle the executable bit in its pages (or disable SMEP), you can still run shellcode directly from it.


See also the similar Linux concept of vDSO: https://0xax.gitbooks.io/linux-insides/content/SysCall/linux...


To me, the interesting part is that it contains some relatively high-resolution timers that you can get with just a memory read.



