I would say that in a single-user system LPE isn't even needed. The moment you run malicious code all bets are off. No need to compromise the system when all your data is under "enemy" control.

You might not have root on an organizational "managed" system.

Technically, running malicious code doesn't necessarily give control over all your data in the device. But common Linux is still lacking in sandboxing practicality, so it might as well be that way.