AC Naturally
That CVE describes the attack vector as local, so I thought to myself meh... it's a big nothingburger, but wait a minute!!! How can this be described as local:
The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate user into opening a malicious document)
I'm so glad they're looking after their customers, imagine how bad it could be if they weren't