CVE-2022-35983 is a vulnerability identified in TensorFlow, an open-source machine learning platform widely used for developing and deploying machine learning models. The issue arises when the `Save` or `SaveSlices` functions are invoked on tensors with unsupported data types (`dtype`). This triggers a `CHECK` failure, which is an assertion failure within the TensorFlow codebase, leading to a program crash. The vulnerability is classified under CWE-617 (Reachable Assertion), indicating that an assertion statement can be triggered by external input, causing the application to terminate unexpectedly. The affected TensorFlow versions include all releases prior to 2.7.2, versions from 2.8.0 up to but not including 2.8.1, and versions from 2.9.0 up to but not including 2.9.1. The issue has been patched in TensorFlow 2.10.0 and backported to versions 2.7.2, 2.8.1, and 2.9.1. There are no known workarounds, and no exploits have been reported in the wild to date. The vulnerability can be triggered by providing tensors of unsupported data types to the save functions, causing a denial of service (DoS) by crashing the TensorFlow process. This affects the availability of services relying on TensorFlow for machine learning tasks, particularly those that perform model saving or checkpointing operations. Since TensorFlow is often embedded in larger applications or services, this vulnerability could disrupt machine learning workflows or production environments that depend on continuous model training or inference pipelines.

For European organizations, the primary impact of CVE-2022-35983 is a denial of service condition affecting machine learning infrastructure. Organizations utilizing TensorFlow for critical AI/ML workloads—such as financial institutions, healthcare providers, automotive manufacturers, and research institutions—may experience interruptions in model training, evaluation, or deployment processes. This could delay decision-making, degrade service quality, or halt automated systems relying on ML models. The vulnerability does not directly compromise confidentiality or integrity but impacts availability, which can have cascading effects on business operations. Given the growing adoption of AI/ML in sectors like finance, healthcare, and manufacturing across Europe, the disruption potential is significant, especially in environments where TensorFlow is integrated into production pipelines without adequate isolation or failover mechanisms. Additionally, since no authentication or user interaction is required to trigger the assertion failure (assuming an attacker or malformed input can be supplied to the save functions), the risk is elevated in multi-tenant or exposed environments where untrusted inputs might reach TensorFlow components.

To mitigate this vulnerability, European organizations should prioritize upgrading TensorFlow installations to version 2.10.0 or later, or apply the backported patches available for versions 2.7.2, 2.8.1, and 2.9.1. Given the absence of workarounds, patching is the most effective defense. Organizations should audit their machine learning pipelines to identify any use of the `Save` or `SaveSlices` functions and validate the data types of tensors being saved to ensure they conform to supported types. Implementing input validation and sanitization at the application layer before invoking TensorFlow save operations can reduce the risk of triggering the assertion. Additionally, deploying TensorFlow services with process isolation and monitoring for unexpected crashes can help detect exploitation attempts early. For critical environments, consider implementing redundancy and failover mechanisms to maintain availability if a TensorFlow process crashes. Finally, restrict access to TensorFlow model saving interfaces to trusted users and systems to minimize exposure to malformed inputs.