It’s a LOCAL privilege escalation vulnerability. You need sufficient access to be able to execute arbitrary code locally on the machine. You would need a remote code execution vulnerability in an exposed service (VPN, web server, game server and so on) before an attacker could chain to this to get remote root on your system.