Skip to main content

NULL pointer dereference when processing accept system call by user process on AF_MSM_IPC sockets (CVE-2016-5870)

Release Date:

November 30, 2016

Affected Projects:

Android for MSMFirefox OS for MSMQRD Android

Advisory ID:


CVE ID(s):



The following security vulnerabilities have been identified: CVE-2016-5870 Fail cases of accept() system call on AF_MSM_IPC socket family causes NULL pointer de-reference of sock structure variable in release operation.

Access Vector: Local
Security Risk: Medium
Access Vector: Local

Affected Versions:

All Android releases from CAF using the Linux kernel.


We advise customers to apply the following patches:

Individual Patches


This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.


Second revision. The original posting had an incorrect CVE ID, it should be CVE-2016-5870