You could just chain this with another exploit, just because it doesn’t run as root by default doesn’t mean it’s not a big deal.