Unfortunately this is not true. Physical access is not required. It's possible to execute the DMP attack remotely. Remote access is enough. Check the demo here: https://gofetch.fail/Attackers have to have physical access to the machines and either your account password or an account on the computer to exploit this.
This is going to be an issue for how many people?
Not sure why some articles are spreading lies.