
CVE-2022-35938: CWE-125: Out-of-bounds Read in tensorflow tensorflow

Severity: Medium
Published: Fri Sep 16 2022 (09/16/2022, 19:35:10 UTC)
Source: CVE
Vendor/Project: tensorflow
Product: tensorflow

Description

TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patched in GitHub commit 4142e47e9e31db481781b955ed3ff807a781b494. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

AI-Powered Analysis

Last updated: 06/22/2025, 20:21:02 UTC

Technical Analysis

CVE-2022-35938 is a medium-severity vulnerability in TensorFlow, an open-source machine learning platform widely used for developing and deploying AI models. The vulnerability arises from an out-of-bounds read condition in the GatherNd function, which is responsible for gathering slices from a tensor based on provided indices. Specifically, if the input indices exceed or equal the size of the output tensor dimensions, the function attempts to read memory outside the allocated bounds. This can lead to a crash or potentially expose sensitive memory contents. The issue affects multiple TensorFlow versions prior to 2.7.2, as well as certain patch versions in the 2.8.x and 2.9.x branches, all of which are still supported. The vulnerability was addressed in a GitHub commit (4142e47e9e31db481781b955ed3ff807a781b494) and is included in TensorFlow 2.10.0, with backported fixes for 2.7.2, 2.8.1, and 2.9.1. No known exploits have been reported in the wild, and there are no effective workarounds aside from applying the patch. The vulnerability is classified under CWE-125 (Out-of-bounds Read), which can compromise program stability and potentially leak sensitive information if exploited. Since TensorFlow is often integrated into critical AI workflows and services, this flaw could impact the integrity and availability of machine learning applications if exploited, especially in environments processing sensitive data or operating in production.

Potential Impact

For European organizations, the impact of CVE-2022-35938 depends largely on their reliance on vulnerable TensorFlow versions within AI and machine learning pipelines. Organizations in sectors such as finance, healthcare, automotive, and telecommunications that leverage TensorFlow for data analysis, predictive modeling, or autonomous systems may face risks including application crashes leading to denial of service, and potential exposure of sensitive data through memory disclosure. This could disrupt critical services, degrade trust in AI-driven decision-making, and lead to regulatory compliance issues under GDPR if personal data is involved. While no active exploitation is known, the vulnerability's presence in supported TensorFlow versions means that unpatched systems remain at risk. The out-of-bounds read could be triggered remotely if user-supplied data is processed without validation, increasing the attack surface. Additionally, the integrity of AI model outputs could be compromised if attackers manipulate inputs to induce abnormal behavior or crashes. Given the growing adoption of AI technologies in Europe, this vulnerability poses a moderate risk to operational continuity and data confidentiality in affected organizations.

Mitigation Recommendations

European organizations should prioritize upgrading TensorFlow installations to version 2.10.0 or later, or apply the backported patches available for versions 2.7.2, 2.8.1, and 2.9.1 to remediate the vulnerability. It is critical to audit all AI/ML pipelines and environments to identify TensorFlow versions in use, including containerized deployments and cloud-based services. Implement strict input validation and sanitization for any data fed into the GatherNd function or related tensor operations to reduce the risk of triggering out-of-bounds reads. Employ runtime application self-protection (RASP) or memory safety tools to detect and prevent anomalous memory access patterns. Monitor application logs and crash reports for signs of exploitation attempts. Where feasible, isolate AI workloads processing untrusted data in sandboxed environments to limit impact. Finally, maintain an up-to-date inventory of AI components and integrate vulnerability scanning into the CI/CD pipeline to catch vulnerable TensorFlow versions before deployment.
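The version audit recommended above can be scripted. The following is an added example, not part of the original advisory or of TensorFlow's code: it classifies `tensorflow` entries in a requirements file against the fixed releases named in the description (2.10.0, 2.9.1, 2.8.1, 2.7.2). The `tensorflow-cpu`/`tensorflow-gpu` package names and the sample requirements text are assumptions made for the example.

```python
import re

# First fixed patch release per branch, as stated in the advisory text above.
FIXED_PATCH = {(2, 7): 2, (2, 8): 1, (2, 9): 1}
FIRST_FIXED_BRANCH = (2, 10)  # 2.10.0 and later include the fix

# Assumption: the CPU/GPU PyPI builds share TensorFlow's version numbers.
PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}
NAME = re.compile(r"^\s*([A-Za-z0-9._-]+)")
EXACT = re.compile(r"==\s*(\d+)\.(\d+)\.(\d+)\s*$")


def classify(major, minor, patch):
    """Return 'patched' or 'affected' for an exact release number."""
    if (major, minor) >= FIRST_FIXED_BRANCH:
        return "patched"
    fixed = FIXED_PATCH.get((major, minor))
    # Branches older than 2.7 have no listed backport, so they stay affected.
    return "patched" if fixed is not None and patch >= fixed else "affected"


def audit(requirements_text):
    """Return (line_number, package, status) for every TensorFlow entry."""
    findings = []
    for number, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        name = NAME.match(line)
        package = name.group(1).lower().replace("_", "-") if name else ""
        if package not in PACKAGES:
            continue
        pin = EXACT.search(line)
        if pin:
            status = classify(*map(int, pin.groups()))
        else:
            # Ranges, pre-releases and bare names resolve at install time.
            status = "unpinned"
        findings.append((number, package, status))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
numpy==1.23.1
tensorflow==2.9.0        # inference service
tensorflow-cpu==2.8.1
TensorFlow==2.6.5
tensorflow>=2.7
tensorflow==2.10.0
"""
```

Entries reported as `unpinned` need their resolved version checked in the built image or lock file, since the requirement alone does not say which release was installed.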


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-07-15T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9845c4522896dcbf3fe7

Added to database: 5/21/2025, 9:09:25 AM

Last enriched: 6/22/2025, 8:21:02 PM

Last updated: 8/5/2025, 6:47:33 AM
