CVE-2022-35964 is a medium-severity vulnerability affecting TensorFlow, an open-source machine learning platform widely used for developing and deploying machine learning models. The vulnerability arises from improper input validation in the implementation of the BlockLSTMGradV2 operation, a component related to the backpropagation gradient calculation for LSTM (Long Short-Term Memory) neural networks. Specifically, the inputs to BlockLSTMGradV2 are not fully validated, which can cause the program to encounter a segmentation fault (segfault). This segfault can be deliberately triggered by an attacker to cause a denial of service (DoS) condition, crashing the TensorFlow process and potentially disrupting machine learning workflows or services relying on TensorFlow. The issue affects TensorFlow versions prior to 2.7.2, versions 2.8.0 up to but not including 2.8.1, and versions 2.9.0 up to but not including 2.9.1. The vulnerability was patched in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa, with fixes backported to supported versions 2.7.2, 2.8.1, and 2.9.1. There are currently no known workarounds for this issue, and no exploits have been reported in the wild. The vulnerability is categorized under CWE-20 (Improper Input Validation), indicating that the root cause is insufficient validation of inputs before processing, leading to memory corruption and crashes. Since TensorFlow is often integrated into larger systems and services, a successful DoS attack could impact availability of machine learning-based applications or services that rely on TensorFlow for inference or training tasks.

For European organizations, the primary impact of CVE-2022-35964 is on the availability of machine learning services that utilize affected TensorFlow versions. Organizations in sectors such as finance, healthcare, automotive, and telecommunications increasingly rely on machine learning models for critical decision-making, predictive analytics, and automation. A denial of service attack exploiting this vulnerability could disrupt these services, causing operational downtime, loss of productivity, and potential financial losses. While the vulnerability does not directly compromise confidentiality or integrity, the interruption of machine learning workflows could delay critical processes or degrade service quality. Additionally, organizations providing machine learning as a service (MLaaS) or cloud-based AI platforms could face reputational damage if their services become unavailable due to exploitation of this flaw. Since no authentication or user interaction is required to trigger the segfault, any exposed TensorFlow service or API endpoint processing untrusted input could be targeted. However, the impact is somewhat limited by the need for the attacker to supply malicious inputs specifically to the BlockLSTMGradV2 operation, which may require some knowledge of the underlying model architecture or data pipeline. Overall, the vulnerability poses a moderate risk to European organizations dependent on vulnerable TensorFlow versions, especially those with public-facing ML services or automated pipelines processing untrusted data.

1. Immediate upgrade: Organizations should promptly upgrade TensorFlow to version 2.7.2, 2.8.1, 2.9.1, or later, where the vulnerability has been patched. This is the most effective mitigation. 2. Input validation: Implement additional input validation and sanitization at the application level before passing data to TensorFlow operations, especially for inputs that could reach BlockLSTMGradV2. This can reduce the risk of malformed inputs triggering the vulnerability. 3. Isolate ML workloads: Run TensorFlow workloads in isolated environments or containers with resource limits and monitoring to contain potential crashes and prevent cascading failures. 4. Monitoring and alerting: Deploy monitoring to detect abnormal TensorFlow process crashes or service disruptions that could indicate exploitation attempts. 5. Restrict access: Limit access to TensorFlow services or APIs to trusted users and networks to reduce exposure to untrusted inputs. 6. Review model architecture: Where possible, review and adjust model architectures to minimize reliance on vulnerable operations like BlockLSTMGradV2 until patched versions are deployed. 7. Incident response readiness: Prepare incident response plans to quickly recover from potential DoS attacks affecting ML services, including automated restarts and failover mechanisms.