But as part of this it'll also have a high chance of triggering a system shutdown due to ECC mismatch, right? So in most cases it can't be exploited for things other than DoS.

ECC won't necessarily shut the system down as it can actually repair single bit errors, and mismatches can be monitored for as well. But your point stands - for an attacker to do damage they'll likely end up flipping bits in unintended ways first.