It does indeed feel like a local exploit. Those are often used for privilege escalation once you’ve obtained a shell through a service account. I agree most people here should not be worried about it, but might be useful for those who have servers.
This really isn’t a fair interpretation of “local exploit” in today’s world. A local exploit isn’t only a vulnerability to people who have local accounts. The most common way a local exploit is used, is in conjunction with another exploit. The first exploit gets you access and the second gets you privilege escalation.
There are tons of real-world cases where this can happen. For example, a vulnerability in almost an internet facing client, most commonly a web browser. They use that exploit to get local access and then look for other exploits to get even more. Although, frankly, in a single user workstation, you can do a lot without privileged access.
FYI, if your system is up to date, and using Polkit v 0.120-4 then you have the latest patched version from the Arch devs that addresses this and should be good now, just make sure to do a reboot after you’ve updated so you know everything works.