A bug in the Caiaq USB driver, which could be used to execute arbitrary at the kernel level has been reported by Rafael Dominguez Vega of MRW InfoSecurity.
The device drivers are vulnerable to buffer overflow condition when an USB device with an unusually long name (over 80 characters) is connected to the machine. This is due to the use of strcpy() which length is not being tested, enabling the attacker to execute malicious code on the target machine.
In order to exploit the vulnerability the attacker would have to have physical access to the target machine. It does not matter how secure a computer is, as long as any human has physical access to it he or she can be manipulated with social engineering techniques such as mailing the victim a maliciously crafted USB chip along a note stating that it contains pictures of him or his family.
Having an encrypted harddrive would not help in such situations as when the user has logged on the machine as the kernel has access to the filesystem.
Fortunately a fix has been released and should hit your distribution repos soon.