Something does not line up here. The description at NIST in the CVE is about a local privilege escalation.

It contains these two links

- https://packetstorm.news/files/id/189989

- https://gist.github.com/R-Security/1c707a08f9c7f9a91d9d84b50...

The first is also about the LPE, the second is apparently by the same author, names the same CVE-ID but is about a remote code execution?

Relevant discussion: https://github.com/fail2ban/fail2ban/issues/4110

Looks like a slop report that somehow made its way into the CVE database.