In 2003, an attempt was made to backdoor the Linux kernel. The Linux source code was stored using a system called BitKeeper, but some developers preferred to use CVS. On November 5, 2003, it was discovered that a code change in the CVS copy had not been approved and did not exist in the BitKeeper repository. Further investigation revealed that someone had broken into the CVS server and inserted the change. The change added two lines of code to the wait4 function, which had the effect of giving root privileges to any software that called wait4 in a certain way. This was a clever backdoor attempt, but the Linux team caught it and prevented any harm. It is unclear who was behind the attack and we may never know.
https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-attempt-of-2003/