MIDI is having a bad month.
Another writeup of the vulnerability
This post describes an exploitable vulnerability (CVE-2016-2384) in the usb-midi Linux kernel driver. The vulnerability is present only if the usb-midi module is enabled, but as far as I can see many modern distributions do this. The bug has been fixed upstream.
Could be worse, still needs physical access with USB :-P