CVE-2022-35991: CWE-617: Reachable Assertion in tensorflow tensorflow
TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherry-pick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in the supported range. There are no known workarounds for this issue.
AI Analysis
Technical Summary
CVE-2022-35991 is a vulnerability in TensorFlow, an open-source machine learning platform widely used for developing and deploying machine learning models. It lies in the `TensorListScatter` and `TensorListScatterV2` operations. When either receives an `element_shape` argument of rank greater than one, it hits a `CHECK` failure, TensorFlow's internal assertion mechanism for validating assumptions during execution. A `CHECK` failure does not return an error to the caller; it aborts the process, so the result is a denial of service (DoS) in which the affected process crashes or terminates unexpectedly. The root cause is classified as CWE-617 (Reachable Assertion): crafted input can reach an assertion and disrupt normal operation.

Affected versions are all releases before 2.7.2, the 2.8 line from 2.8.0 up to but not including 2.8.1, and the 2.9 line from 2.9.0 up to but not including 2.9.1. The issue is patched in TensorFlow 2.10.0 and backported to the supported releases 2.7.2, 2.8.1, and 2.9.1. No workarounds are known, and no exploitation in the wild has been observed to date. Triggering the bug requires supplying a malformed `element_shape` to the TensorListScatter operations, which is possible wherever untrusted data reaches a TensorFlow model or graph. The impact is confined to availability; confidentiality and integrity are not affected. Because TensorFlow runs in server environments, cloud platforms, and edge devices, a single crashing request can take down an AI service or pipeline.
Potential Impact
For European organizations, the primary impact of CVE-2022-35991 is disruption of machine learning services that run vulnerable TensorFlow versions. This touches industries such as finance, healthcare, automotive, and manufacturing, where AI-driven analytics, predictive modeling, or automation are critical. A denial of service could mean downtime of AI applications, delayed processing, or interruption of automated decision-making, with operational inefficiency or service unavailability as the result. The vulnerability does not compromise data confidentiality or integrity, but loss of availability can cascade, especially in time-sensitive or safety-critical applications. Organizations running TensorFlow in multi-tenant or cloud environments face higher risk where attackers can submit inputs remotely, and research institutions and AI startups across Europe with TensorFlow models in production could likewise see service interruptions. The absence of known exploits lowers the immediate risk, but TensorFlow's wide deployment and the lack of workarounds make prompt patching necessary.
Mitigation Recommendations
European organizations should prioritize upgrading TensorFlow to 2.10.0 or later, or to the backported fix releases 2.7.2, 2.8.1, and 2.9.1. Since no workarounds exist, patching is the only complete mitigation. Audit all environments, including development, testing, and production systems, to find every TensorFlow deployment, and compare each installed version against the fixed releases (note that version strings must be compared numerically, since "2.10.0" sorts before "2.9.1" as text). As defense in depth where your own code constructs the inputs, validate the shape and rank of the `element_shape` tensor before it reaches the TensorListScatter operations, so that malformed input is rejected before it can trip the assertion. Deploy runtime monitoring and anomaly detection to catch unexpected crashes or restarts of AI workloads, since a `CHECK` failure shows up as a process abort rather than an application error. For cloud deployments, use provider controls such as network segmentation and access controls to limit exposure to untrusted inputs. Add TensorFlow vulnerability scanning to regular security assessments and CI/CD pipelines to detect outdated versions proactively, and document and test incident response procedures for AI service disruptions to minimize downtime if exploitation occurs.
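Two of the recommendations above, the version audit against the fixed releases and the rank check on `element_shape`, as an added example. This is not TensorFlow's code or a TensorFlow API: it inspects plain Python values, and how `guarded_element_shape` is wired in front of the real op call (for example `tf.raw_ops.TensorListScatter`) is an assumption left to the caller.

```python
import re

# Releases that carry the fix, per the advisory: 2.10.0, plus cherry-picks
# to 2.7.2, 2.8.1 and 2.9.1. Everything older on each line is affected.
FIRST_FIXED_RELEASE = (2, 10, 0)
FIXED_BY_MINOR = {(2, 7): (2, 7, 2), (2, 8): (2, 8, 1), (2, 9): (2, 9, 1)}


def parse_version(version: str) -> tuple:
    """'2.10.0' or '2.9.1rc0' -> (2, 10, 0) / (2, 9, 1). Tuples compare
    numerically; as plain strings '2.10.0' would sort below '2.9.1'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised TensorFlow version: {version!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable(version: str) -> bool:
    """True if the given TensorFlow version lacks the CVE-2022-35991 fix."""
    v = parse_version(version)
    if v >= FIRST_FIXED_RELEASE:
        return False
    # Lines without a cherry-pick (2.6 and older) are all "prior to 2.7.2".
    fixed = FIXED_BY_MINOR.get(v[:2], FIXED_BY_MINOR[(2, 7)])
    return v < fixed


def rank_of(value) -> int:
    """Nesting depth of a Python scalar / (nested) list, i.e. the rank the
    value would have as a tensor. Assumes rectangular nesting."""
    rank = 0
    while isinstance(value, (list, tuple)):
        rank += 1
        if not value:
            break  # [] is a rank-1 shape vector of length zero
        value = value[0]
    return rank


def element_shape_is_safe(element_shape) -> bool:
    """A valid element_shape is a scalar (-1 = unknown) or a rank-1 vector
    of dimensions; anything of rank >= 2 is what trips the CHECK."""
    return rank_of(element_shape) <= 1


def guarded_element_shape(element_shape):
    """Reject bad shapes before they reach the op; the caller passes the
    returned value on to the TensorListScatter call (wiring assumed)."""
    if not element_shape_is_safe(element_shape):
        raise ValueError(f"element_shape must have rank 0 or 1: {element_shape!r}")
    return element_shape
```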
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-07-15T00:00:00.000Z
- Cisa Enriched: true
Added to database: 5/21/2025, 9:09:25 AM
Last enriched: 6/22/2025, 6:21:09 PM
Last updated: 8/14/2025, 3:41:57 AM