My answer will cover Hypothetical situations in which a person could have this happen.
Let's say that a Zorin OS user wants a package that is developed by the Pop_OS team. They add the Pop_OS repo and install the package... But they forget to remove the repository after installing the wanted package.
This is true for if you wanted a package from the LinuxMint team.
Or if a person installed a repository for a Later Version of Kernel such as outlined here:
(The above only contains Unsigned Kernels).
If the user then Updates/Upgrades the system, it will try to pull from that added repository, including the later kernel, even if it is a different kernel than the vetted released Zorin OS Kernel.
Hope this helps and I have marked your post as the solution to the thread.