Since this is a privilege escalation attack, it can only be used by a user who already has a login, right? It is basically an internal threat from someone who is already valid on the server.
For Android users, it may be more of a problem. There was a sidebar article which pointed out that one-third of Android users don't bother with a passcode on their phones which would mean that if their phone were stolen, root would be accessible. But of course, with no passcode, everything would be open anyway. These are probably people who don't bother with passwords on their computers either, though.
Then on a shared computer system, anyone with a passcode could be a threat.
“Since this is a privilege escalation attack, it can only be used by a user who already has a login, right? It is basically an internal threat from someone who is already valid on the server.”
It’s a moot point, it’s been fixed and the patch was available yesterday. Any linux user that pays any attention to his system security has already applied the patch.
I have a house full of linux boxes and they were patched as soon I got on my laptop yesterday morning.