I'm going to describe CPU behavior in a generic way. This explains general principles, but the details and terminology can vary a lot between CPU architectures.
When a CPU is running code, certain bad things can happen that prevent the code from being executed normally, such as an attempt to execute an invalid instruction opcode or an attempt to access an unmapped memory address. I'll call these faults. When a fault happens, the CPU invokes a fault handler. That means the CPU saves the content of some registers and sets those registers to new values. In particular, the CPU saves the program counter (PC) somewhere and jumps (i.e. sets the PC) to some fixed address which is the configured fault handler. Before starting to execute the fault handler, the CPU also changes the CPU mode to a fault handling mode (which has kernel-level privileges, and in fact may be just kernel mode depending on the CPU architecture).
If the fault happens while the CPU is in an unprivileged mode, then (assuming a correctly designed operating system) the system is still in a known state, except for the user context (the process) that was currently executing. The fault handler can examine the information it has about the process and decide what to do. This includes events that are not errors in any way, such as loading a page of a memory-mapped file into RAM. Even if the event is not one that the kernel can handle, the consequences of errors are limited to the process, so the process is allowed to set signal handlers for such events. A signal handler means that the kernel will transfer control to the process, but will jump to some fixed address that was configured by the process. It's very tricky to handle such events in a process, and most don't, but the process can take responsibility and handle the event however it wants.
If the fault happens while the CPU is in kernel mode, what can the fault handler do? Some code that can corrupt kernel memory has just attempted to do something impossible. There is no way to know how bad the consequences are. Maybe everything was fine and then the code tried to run an optional part that was disabled, and so attempted to jump to the address stored in a null pointer. Or maybe the code has been running a loop that has been corrupting memory, and it just reached the end of a mapped block. At this point, the safest thing is to do as little as possible and just stop doing anything (and in particular not write to disk, to avoid the risk of corrupting the storage). This is called a panic in operating system design: something unexpected has happened from which there is no way to recover safely, so the OS tries to do as little harm as possible by doing as little as possible, period.
Linux is designed under the assumption that any code that was accepted into the kernel was written very, very carefully, and so a fault in kernel mode is generally likely to be relatively benign. Unless the sysctl setting kernel.panic_on_oops is enabled, the kernel will respond to a fault by only terminating the current task, hoping that other tasks are not affected. This assumes that the task has remained mostly independent of other tasks, in particular that has not corrupted any memory used by other tasks, and does not hold any locks also used by other tasks. In this context, “task” roughly refers to a kernel thread. That kernel thread may be associated to a user thread, in which case the user thread is killed as well since the kernel can't handle it any longer.
But what if the fault happens when there is no task context? Then there's no hope of confining the impact of the fault. You can see the Linux kernel's definition of “no task context” in the function kernel_should_crash, which is invoked when a fault happens:
    if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops)
        return 1;
- If the kernel is executing an interrupt, there's no task context: it's an interrupt context.
- If p->pid == 0, it means the kernel is in the scheduler and there's no recovery from a scheduler fault — the scheduler is responsible for deciding what to do next, but it just failed at deciding what to do next, so there's no way to know what to do next.
- Also, if the kernel is booting, crashing the boot process means there's nothing left to do.
Now at this point I'm sure you're still feeling that this doesn't really answer the question. Why doesn't the kernel let you just assume that everything is fine, and go on with whatever corrupted data structures it still has? And in any given case, a skilled programmer with knowledge of the code and access to a debugger can decide that yes, as long as we just don't touch this part of the memory, the system is still fine… But which part? And oh, “of course” the system needs to release this lock (otherwise it'll just go into an infinite loop the next time the same peripheral triggers an interrupt). No, that lock: that's a pointer to memory that's just been freed (and perhaps has been reused by another thread running on another core). There's some kernel memory that's now unreachable, but too bad, it's just for a little time until the user decides to reboot. Oh, and “of course” we need to unmask interupts before doing anything else. Oh, but before that we need to make sure that another CPU doesn't immediately take the already-pending interrupt from the same peripheral as soon as that interrupt is unmasked. Oh, and …
The point is that a valid way to handle a fault during an interrupt is extremely dependent on what the interrupt handler was doing and the nature of the fault. If you can write code that's robust enough for faults to be handled reliably, you can write code that doesn't trigger faults in the first place — it's a lot easier!
A further problem with handling nested exceptions (interrupts or faults), such as a fault during an interrupt handler, is that depending on the CPU architecture and on the system state when the fault occurred, some information about the first exception may have been lost. Nested exception handling requires some kind of stack to store information about each successive exception. On some architectures, that's entirely up to the exception handler: it needs to detect nested exceptions and save information wherever it wants. There are architectures where the CPU itself manipulates a stack, but even on those, the stack can get full (especially if a bug in an exception handler causes it not to return as expected).
It's extremely tricky to handle a fault at the same privilege level that triggered the fault. Linux is already on the YOLO side of that. More robust systems do fewer things in kernel mode. Even in Linux (and in all kernels, really), interrupt handlers are supposed to do as little as possible for many reasons anyway. (The driving reason often being concurrency: while an interrupt handler is running, there are a lot of things that can't happen.) The interrupt handler is supposed to be small, and it's known to be especially delicate code so it should be written especially carefully. If even that is buggy, there's no hope left.