Skip to main content

Elevation of Privilege Vulnerability in the Performance Component (CVE-2016-0819)

Release Date:

May 13, 2016

Affected Projects:

Android for MSM

Advisory ID:


CVE ID(s):



CVE-2016-0819 A double-free in the performance component may result in elevation of privilege and execution of arbitrary code in the kernel. When a perf event is opened with the constraint_duplicate bit set, disabled, and then fd is closed, perf_release() causes the kernel to clean up the event as if it still were enabled, leading to the event being removed from a list twice.

Access Vector: Local
Security Risk: High
Access Vector: Local

Affected Versions:


We advise customers to apply the following patches:

Note: This issue has been published in the Nexus Security Bulletin – April 2016 (


This issue was reported to Google by a security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.


Initial revision