Does this vulnerability not rely on SUID binaries?

I don't think so? It's a buffer overflow in the system call.

I just read that it was spilling into argv or something and assumed the vector was somehow injecting arguments or something.

	▲	cperciva 5 hours ago \| parent [-]
		The exploit is injecting environment variables, but yes, close enough. You need someone to call execve as root in order to become root, but you don't need a setuid binary.