You misunderstood the scope and severity of the bug entirely.

Yes, if you are a single tenant, this diminishes defense in depth, so an attacker that gets access with a user like www-data can escalate to root, sure.

But more importantly, on multi-tenant systems, one tenant can get root and pwn all the other tenants.

Big shared hosting providers are the most vulnerable, 'just patching' stuff might work sure, but there's several scenarios where it might not be enough, like lightning striking twice as it just happened. Or an attacker getting in before the patch.