Researchers from the University of Minnesota - Qiushi Wu and Kangjie Lu in the framework of the study of the "insecurity" of the OSS model tried to find out how likely it is to intentionally add vulnerabilities to projects. Among other things, patches were sent to the Linux kernel.

As a result, 4 patches passed the code review, including 3 containing very serious intentionally added vulnerabilities.

Representatives of the Linux project tried to hide this all, and later filed a complaint about the study to the university administration to try to punish researchers, but did not find support.

Situation with modern Linux is very bad, it is acceptable only on consumer and small usual companies level.

If any of government agencies or even top hacker group will become interested any server can be hacked and almost all traces removed. Modern kernel have around hundred of vulnerabilities allowing to jump from user ring to kernel ring. Windows is very similar here.