Are these the type of "vulnerabilities" where an attacker basically needs to already have access to your system to take advantage of them?
If not, could someone more knowledgeable on this type of thing give an example scenario of how an unsuspecting user could fall victim to one of these vulnerabilities?
It's very useful for attackers to be able to step up from "run program as non-privileged user" to "can install root kit" or in one case it looks like it can likely be used to install a root kit in UEFI/BIOS where it survives even a "rip out SSD, install new, install new OS". We're talking "buy new motherboard" level!
MOST serious attacks consists of a chain of different vulnerabilities and the early ones are far more numerous, so finding a "severe local" vulnerability like these are often the key to make a successful attack rather than just a CVE entry.
Since it requires the program to run locally there's a significant threshold to be able to exploit it, but it's an very important since it converts a bad situation into potentially "I hope you had up to date backups, and is willing to buy some new hardware".
It's also a big problem even without any other exploits in many Corporate scenarios where the user often
doesn't have much access to the machine, the IT department installs and manage all software on the machine. Think banking or the financial sector for the most extreme examples.