IMSI tracking is a consequence of how baseband devices communicate over-the-air, just as WiFi MAC address tracking is a consequence of how 802.11 devices communicate over-the-air.
And it's definitely a vulnerability, because it's used to track end users and reduce their privacy.
So it IS a baseband vulnerability. And IMSI randomization mitigates it to some degree, just as WiFi and Bluetooth MAC randomization mitigate tracking via those identifiers.
I’m arguing that just because a baseband processor is involved that doesn’t mean IMSI tracking is a vulnerability of the baseband processor itself. IMSI provisioning and randomization cannot be done without cooperation with the network operator and has nothing to do with the baseband processor itself.
Trackability is definitely a vulnerability.