CVE-2016-5862
Description
When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A type casting error in Qualcomm kernel codec handling allows local users to cause a kernel crash and device restart.
Vulnerability
A type casting error exists in the kernel codec control handling in many Qualcomm products, including Android for MSM, Firefox OS for MSM, and QRD Android. When a userspace application issues a control related to a codec, the kernel incorrectly performs type casting to the container structure instead of the codec's individual structure. This vulnerability affects all such devices prior to the May 2017 security patch [1].
Exploitation
An attacker with local user access can trigger this vulnerability by sending a crafted control request to the codec driver from userspace. No additional privileges are required; the attacker only needs the ability to interact with the codec device interface.
Impact
Successful exploitation causes a kernel crash, leading to a device restart (denial of service). No privilege escalation or data disclosure is indicated in the available references.
Mitigation
A fix was included in the Android Security Bulletin for May 2017 [1]. Users should apply the Android security update or install the latest firmware from their device manufacturer. No workarounds are documented.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Qualcomm, Inc./All Qualcomm productsv5Range: Android for MSM, Firefox OS for MSM, QRD Android
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- source.android.com/security/bulletin/2017-05-01nvdPatchVendor Advisory
- source.codeaurora.org/quic/la//kernel/msm-4.4/commit/nvdIssue TrackingPatchThird Party Advisory
- www.securityfocus.com/bid/98194nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.