[marcosdumay]

> Can this automatically cause arbitrary code execution?

USB has capability to launch any arbitrary code that the user itself could without inputting any secret.

On anything that isn't the best protected Linux GUI (better protected than the configurations that everybody use), this is enough to install a keylogger on your environment and sniff any secret that it's lacking (but root/administrator rights are overrated anyway).

There has been some work on restricting USB so that it can't initiate anything. But that brings extreme usability problems, so it's very rare for people to do it in practice.