Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of file descriptors or integer values. All versions below Lollipop 5.1 are affected.
7a9d9c85defcd399d9d180f6f2d157c0f5162a1b72a087f5a37b9316acaaa642