audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address.
https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E%21/