CVE-2022-35960 is a medium-severity vulnerability in TensorFlow, an open-source machine learning platform widely used for developing and deploying AI models. The vulnerability resides in the TensorListReserve operation within the core/kernels/list_kernels.cc source file. Specifically, the function assumes that the input tensor 'num_elements' has exactly one element. However, if 'num_elements' contains more than one element, the CHECK_EQ assertion in the CheckIsAlignedAndSingleElement function fails, causing a reachable assertion failure. This means that an attacker who can supply crafted input to TensorListReserve can trigger a denial-of-service (DoS) condition by crashing the TensorFlow process. The issue affects multiple TensorFlow versions: all versions prior to 2.7.2, versions between 2.8.0 and 2.8.1, and versions between 2.9.0 and 2.9.1. The vulnerability was patched in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7 and the fix is included in TensorFlow 2.10.0, with backports planned for 2.7.2, 2.8.1, and 2.9.1. There are no known workarounds for this issue, and no exploits have been observed in the wild. The vulnerability is classified under CWE-617 (Reachable Assertion), indicating that the assertion failure can be triggered by external input, leading to process termination. Exploitation requires the ability to provide malicious input to the TensorListReserve API, which is typically used internally or via TensorFlow's raw operations interface. This vulnerability primarily impacts the availability of TensorFlow-based services by causing crashes, but does not directly compromise confidentiality or integrity. Given TensorFlow's widespread use in AI workloads, especially in research, industry, and cloud environments, this vulnerability could disrupt machine learning pipelines if exploited.

For European organizations, the impact of CVE-2022-35960 centers on availability disruption of AI and machine learning services that rely on vulnerable TensorFlow versions. Organizations in sectors such as finance, healthcare, automotive, and manufacturing increasingly depend on AI models for critical operations, predictive analytics, and automation. A denial-of-service triggered by this vulnerability could interrupt these services, leading to operational delays, reduced productivity, and potential financial losses. Cloud service providers hosting AI workloads could also be affected, impacting multiple tenants. Although the vulnerability does not allow code execution or data leakage, the forced termination of TensorFlow processes could degrade service reliability and trust. Furthermore, organizations using TensorFlow in edge devices or embedded systems might face challenges in remote patching, increasing exposure duration. The lack of known exploits reduces immediate risk, but the absence of workarounds means that unpatched systems remain vulnerable to accidental or malicious crashes. Given the increasing regulatory focus on AI reliability and operational resilience in Europe, such disruptions could also have compliance implications.

To mitigate CVE-2022-35960, European organizations should prioritize upgrading TensorFlow to version 2.10.0 or later, or apply the backported patches for versions 2.7.2, 2.8.1, and 2.9.1 as soon as possible. Since no workarounds exist, patching is the primary defense. Organizations should audit their AI pipelines and software inventories to identify TensorFlow versions in use, including indirect dependencies in container images and cloud environments. Implementing input validation and sanitization at the application layer before invoking TensorFlow raw operations can reduce the risk of malformed inputs triggering the assertion. Monitoring TensorFlow process stability and setting up automated restarts or failover mechanisms can help maintain availability in case of crashes. For cloud deployments, leveraging managed AI services that promptly apply security updates can reduce exposure. Additionally, organizations should review access controls to limit who can supply inputs to TensorFlow APIs, reducing the attack surface. Finally, integrating this vulnerability into vulnerability management and incident response plans ensures timely detection and remediation.