I would say that in a single-user system LPE isn't even needed. The moment you run malicious code all bets are off. No need to compromise the system when all your data is under "enemy" control.
Technically, running malicious code doesn't necessarily give control over all your data in the device. But common Linux is still lacking in sandboxing practicality, so it might as well be that way.