Rowhammer Resistant Coding in Sudo

To make sudo less vulnerable to ROWHAMMER attacks, certain variables now use ROWHAMMER-resistant values: ALLOW, DENY, AUTH_SUCCESS, AUTH_FAILURE, AUTH_ERROR, and AUTH_NONINTERACTIVE. Additionally, the parser match functions now explicitly check for the expected values instead of accepting anything that is not set to UNSPEC. The report on this improvement was made by Andrew J. Adiletta, M. Caner Tol, Yarkin Doroz, and Berk Sunar from the Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute. A preprint of the paper detailing the changes can be found at the provided link.

https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
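
The two changes described above, sketched in C as an added example that is not code from sudo or from the commit. The constants are constructed for illustration and are not sudo's actual values; `loose_matched`, `strict_matched` and `accepted_after_flip` are hypothetical helpers.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed constants for illustration; not the values used in sudo. */
#define EX_UNSPEC   0xffffffffu
#define WEAK_DENY   0x00000000u  /* one bit flip away from WEAK_ALLOW */
#define WEAK_ALLOW  0x00000001u
#define EX_DENY     0x5a3cc3a5u  /* 16 bits away from EX_ALLOW and EX_UNSPEC */
#define EX_ALLOW    0x3c5aa5c3u

/* Number of bit positions in which a and b differ. */
int hamming(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    int n = 0;
    for (; x != 0; x &= x - 1)  /* clear the lowest set bit each pass */
        n++;
    return n;
}

/* Loose check: anything other than UNSPEC is treated as a match result. */
int loose_matched(uint32_t v) { return v != EX_UNSPEC; }

/* Strict check: only the two expected values count as a match result. */
int strict_matched(uint32_t v) { return v == EX_ALLOW || v == EX_DENY; }

/* Flip each of the 32 bits of `stored` in turn; count results `check` accepts. */
int accepted_after_flip(uint32_t stored, int (*check)(uint32_t))
{
    int n = 0;
    for (int i = 0; i < 32; i++)
        n += check(stored ^ (1u << i)) ? 1 : 0;
    return n;
}

int main(void)
{
    printf("weak DENY->ALLOW distance: %d\n", hamming(WEAK_DENY, WEAK_ALLOW));
    printf("example DENY->ALLOW distance: %d\n", hamming(EX_DENY, EX_ALLOW));
    printf("corrupted DENY accepted, loose check: %d of 32\n",
        accepted_after_flip(EX_DENY, loose_matched));
    printf("corrupted DENY accepted, strict check: %d of 32\n",
        accepted_after_flip(EX_DENY, strict_matched));
    return 0;
}
```

With 0/1 style values a single flipped bit turns a denial into an approval; with widely separated values no single flip reaches another valid constant, and the strict check rejects every corrupted value that the loose check would have passed along.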
