CVE-2022-35940 is a medium-severity integer overflow vulnerability in TensorFlow, an open-source machine learning platform widely used for developing and deploying ML models. The vulnerability exists in the RaggedRangOp function, which accepts a parameter named 'limits'. This parameter is eventually converted into a TensorShape using a 64-bit integer (int64). If an attacker supplies a very large floating-point value for 'limits', the conversion to int64 can overflow or wrap around, causing an invalid argument error. More critically, this overflow triggers an abort signal that crashes the TensorFlow process. This denial-of-service (DoS) condition can disrupt applications relying on TensorFlow for machine learning tasks. The issue affects TensorFlow versions prior to 2.7.2, versions 2.8.0 up to but not including 2.8.1, and versions 2.9.0 up to but not including 2.9.1. The vulnerability has been patched in TensorFlow 2.10.0 and backported to supported versions 2.7.2, 2.8.1, and 2.9.1. There are no known workarounds, and no exploits have been observed in the wild to date. The root cause is a classic integer overflow (CWE-190) during type conversion, which leads to an unhandled abort signal and application crash, impacting availability but not directly compromising confidentiality or integrity. Exploitation requires supplying crafted input to the vulnerable function, which may be possible in environments where untrusted data is processed by TensorFlow models or services.

For European organizations, the primary impact of this vulnerability is a potential denial-of-service condition in systems leveraging vulnerable TensorFlow versions. Organizations using TensorFlow for critical ML workloads—such as financial institutions performing fraud detection, healthcare providers analyzing medical data, or manufacturing firms using predictive maintenance—may experience service disruptions if an attacker supplies maliciously crafted input to trigger the overflow. While the vulnerability does not appear to allow remote code execution or data leakage, the availability impact could interrupt automated decision-making processes or ML-driven services, leading to operational downtime and potential financial loss. Given TensorFlow's widespread adoption in research, industry, and government projects across Europe, the vulnerability could affect cloud services, on-premises deployments, and edge devices running vulnerable versions. The lack of known exploits reduces immediate risk, but the absence of workarounds means that unpatched systems remain vulnerable to crashes. Organizations with exposed ML inference endpoints or those processing untrusted inputs should be particularly cautious. Additionally, disruption in ML pipelines could delay analytics and reporting, impacting business continuity.

European organizations should prioritize upgrading TensorFlow to version 2.10.0 or later, or apply the backported patches available for versions 2.7.2, 2.8.1, and 2.9.1. Since no workarounds exist, patching is the only effective mitigation. Organizations should audit their environments to identify all TensorFlow deployments, including containerized applications, cloud ML services, and embedded systems. Implement input validation and sanitization at the application layer to restrict or verify the size and type of inputs passed to TensorFlow functions, especially those involving 'limits' parameters or similar constructs. Where possible, isolate ML workloads processing untrusted data in sandboxed or containerized environments to limit the blast radius of potential crashes. Monitoring and alerting should be enhanced to detect abnormal TensorFlow process terminations or crashes, enabling rapid incident response. For cloud-based ML services, coordinate with providers to confirm patch status and request updates if necessary. Finally, incorporate this vulnerability into vulnerability management and patching cycles to ensure timely remediation.