CVE-2020-35501: 
Linux Kernel vulnerability analysis and mitigation

A flaw was discovered in the Linux kernel's implementation of audit rules (CVE-2020-35501), where a syscall can unexpectedly not be correctly logged by the audit subsystem. The vulnerability was reported on December 17, 2020, affecting Linux kernel versions up to 5.17 (NVD).

The vulnerability specifically affects the kernel's audit by access permission feature, which fails to record open_by_handle_at syscalls. The issue has been assigned a CVSS v3.1 Base Score of 3.4 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N, indicating local access requirements and low severity impact (NVD).

The vulnerability does not grant users access to unauthorized resources but rather affects the audit logging functionality. When exploited, the audit log trail would not contain the log events of access for the open_by_handle_at syscall, potentially impacting system monitoring and security auditing capabilities (Red Hat Bugzilla).

A workaround exists where the syscall can still be audited by using the 'syscall auditing feature' by passing open_by_handle_at to it in the rule. This mechanism is commonly used in existing auditing ruleset requirements (Red Hat Bugzilla).

The vulnerability was publicly disclosed on February 18, 2021, through the oss-security mailing list. It was initially discovered and reported by Felix Kosterhon from SECUINFRA GmbH (Red Hat Bugzilla).