drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
http://marc.info/?l=linux-input&m=137772187514628&w=1
http://openwall.com/lists/oss-security/2013/08/28/13