This requires an attacker to first get MitM, which is a pretty high bar:
“The first pair of bugs can be exploited in a LocalNet attack, i.e., when a user connects to an Wi-Fi or Ethernet network set up by an attacker. The latter pair can be leveraged in a ServerIP attack, either by attackers that are running an untrusted Wi-Fi/Ethernet network or by malicious internet service providers (ISPs).”
This requires an attacker to first get MitM, which is a pretty high bar:
“The first pair of bugs can be exploited in a LocalNet attack, i.e., when a user connects to an Wi-Fi or Ethernet network set up by an attacker. The latter pair can be leveraged in a ServerIP attack, either by attackers that are running an untrusted Wi-Fi/Ethernet network or by malicious internet service providers (ISPs).”