CVE-2022-35994: 
Python vulnerability analysis and mitigation

CVE-2022-35994 is a vulnerability in TensorFlow's CollectiveGather operation that was discovered and disclosed in September 2022. The vulnerability affects TensorFlow versions prior to 2.10.0, with patched versions including 2.7.4, 2.8.3, 2.9.2, and 2.10.0. This security issue was identified in the CollectiveGather operation's input validation mechanism (GitHub Advisory).

The vulnerability occurs when the CollectiveGather operation receives a scalar input, which triggers a CHECK failure in the operation's validation logic. The issue specifically manifests in Eager mode, as the graph mode already implements input shape validation in the shape inference pass. The fix involved adding explicit rank validation to ensure the input tensor has a rank greater than 0 (GitHub Commit).

When exploited, this vulnerability can be used to trigger a denial of service (DoS) attack on systems running affected versions of TensorFlow. The impact is considered Low severity according to the official assessment (GitHub Advisory).

The issue has been patched in multiple TensorFlow versions: 2.10.0 (main release), 2.9.2, 2.8.3, and 2.7.4. Users are advised to upgrade to these patched versions to mitigate the vulnerability. The fix implements proper input validation to prevent the CHECK failure condition (GitHub Advisory).