If a device fails, then it often could fail to anything.
If you assume the whole box fails, then it fails close. But your question implies a software-failure. Here it also could fail to open. But IMO at least this kind of bug did not show up in the last 20 years for this platform.
Probably only Cisco could find out what will happen in this case. If it is just the ACL operation that fails I would assume that it fails to the security levels. And that could either be close or open.