Are they already vulnerable to RCE as an unprivileged user? Hopefully not.

An LPE only allows an attacker who can already execute code on the system to become root. So, bad, yes, but it doesn't mean you are immediately pwned.

For home computers, essentially https://xkcd.com/1200/ applies.