This isn't good, but it doesn't seem to be a big deal either.
This isn't a big deal for the vast majority of Linux use-cases. Where something like this becomes a problem is kisok-like machines and certain "secure" environments.
For example, a certain US state's lottery machines, which run Linux. The machine has a list of USB device ID's it will accept, it's on a VPN, locked case, locked BIOS. All-in-all, pretty secure against tampering. However, the USB protection only goes so far because it's possible to craft a USB device which sends a fake ID.
That said, even if someone could plug a keyboard into such a machine very little can be done because of the BIOS and bootloader password protection. However, a bug like this would suddenly be a potentially huge problem.
I'm tired of people making bugs like this sound like earth shattering problems. At the same time there are a minority of situations where this type of thing is potentially a big issue. That said, we can't ignore stuff like this.