The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.