
How common are VM escapes anyway?




Not widespread is a bit of an understatement. In the context of malware analysis I would be astonished if someone bothered to use a VM escape bug. They're valuable; you don't waste them by sticking them in a piece of malware to pwn some poor malware analyst's machine.

VM detection is much much easier, so there's not much point.


I was thinking the same thing. Who would waste an unpatched VM escape bug just to nab some poor soul's laptop, which can be wasted and reformatted in an hour? Sounds like a colossal waste and I bet there's very, very few (if any) examples of it happening in the wild.


I have a feeling escaping from Windows into an Ubuntu host system would not be as effective (though I wouldn't doubt it impossible) as escaping into a Windows OS which is usually the bigger / main target for malware.


Yeah. Unless the analyst is your target environment, I wouldn't expect to see a serious current VM escape.

I might expect to see someone including an antique attack against some old Sandboxie or something, but nothing more.


Isn't VMware in Windows rather a special case? They've been working together for so many years, after all.

Any known breakouts from Windows guests in VirtualBox on Linux?


http://venom.crowdstrike.com/

There have been others. In short, no VM is completely safe.



