Qualcomm’s Snapdragon 8 Elite Gen 5 is rapidly establishing itself as the benchmark processor for high-end Android smartphones, finding its way into devices that have been highly anticipated, such as the Xiaomi 17 series and OnePlus 15.
In recent hours, however, the focus of the enthusiast and developer community has shifted to an unexpected discovery.
A new exploit has emerged that targets Qualcomm’s latest processors and lets users unlock the bootloader on devices that, until now, had proven extremely difficult to modify.
This vulnerability, dubbed the Qualcomm GBL Exploit, is based on a design oversight related to loading the Generic Bootloader Library, a software component introduced with the Android 16 operating system.
In short, Qualcomm’s Android bootloader attempts to load this library from the efisp partition.
The flaw is that the bootloader merely checks that a UEFI application is present in that partition, omitting any cryptographic verification of its authenticity.
This is a genuine security hole: unsigned code is executed before the main operating system boots, at a stage where none of the OS’s own protections are in place yet.
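To make the difference between "is something there?" and "is it the genuine component?" concrete, here is an added example (not Qualcomm’s code, nor the exploit authors’) of a toy UEFI-application loader. The vulnerable variant accepts any blob that parses as a PE image, which is the presence-only check described above; the hardened variant additionally compares the image against a digest pinned in the bootloader. A real bootloader would verify a signature chained to the OEM’s root of trust; the pinned SHA-256 is a stand-in for that and is an assumption of this example, as are the partition images, which are constructed inline.

```python
"""Added example: presence-only loading versus integrity-checked loading.
Sample images are constructed here; nothing is real firmware."""
import hashlib
import struct

PE_SIGNATURE_OFFSET = 60  # e_lfanew field inside the DOS header
PE_HEADER_START = 64      # where the "PE\0\0" signature is placed


def make_uefi_image(payload: bytes) -> bytes:
    """Build a minimal PE/COFF-looking blob: a DOS 'MZ' stub whose e_lfanew
    points at a 'PE\\0\\0' signature, followed by an arbitrary payload."""
    dos_stub = b"MZ" + b"\x00" * (PE_SIGNATURE_OFFSET - 2)
    dos_stub += struct.pack("<I", PE_HEADER_START)
    return dos_stub + b"PE\x00\x00" + payload


def looks_like_uefi_app(blob: bytes) -> bool:
    """Structural check only: is there something shaped like a UEFI app?"""
    if len(blob) < PE_HEADER_START + 4 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, PE_SIGNATURE_OFFSET)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def load_gbl_vulnerable(partition: bytes) -> str:
    """Presence-only loader: whatever parses as a PE image gets executed."""
    if looks_like_uefi_app(partition):
        return "EXECUTE"
    return "FALLBACK"


def load_gbl_hardened(partition: bytes, trusted_digests: frozenset) -> str:
    """Presence check plus an integrity check against digests pinned in the
    bootloader image (assumption: stand-in for a real signature check)."""
    if not looks_like_uefi_app(partition):
        return "FALLBACK"
    if hashlib.sha256(partition).hexdigest() not in trusted_digests:
        return "REJECT"
    return "EXECUTE"


# Constructed sample contents of the partition.
GENUINE_GBL = make_uefi_image(b"genuine GBL payload (constructed)")
ATTACKER_GBL = make_uefi_image(b"attacker-controlled payload (constructed)")
# A single flipped bit in the genuine image: still a valid-looking PE.
TAMPERED_GBL = GENUINE_GBL[:-1] + bytes([GENUINE_GBL[-1] ^ 0x01])

# Digest pinned at bootloader build time (assumption for this example).
TRUSTED_DIGESTS = frozenset({hashlib.sha256(GENUINE_GBL).hexdigest()})


def compare_loaders() -> dict:
    """Run both loaders over the three images and return their decisions."""
    images = {"genuine": GENUINE_GBL, "attacker": ATTACKER_GBL, "tampered": TAMPERED_GBL}
    results = {}
    for name, image in images.items():
        results[f"vulnerable/{name}"] = load_gbl_vulnerable(image)
        results[f"hardened/{name}"] = load_gbl_hardened(image, TRUSTED_DIGESTS)
    return results


if __name__ == "__main__":
    for case, decision in compare_loaders().items():
        print(f"{case:20s} -> {decision}")
```

The point the example makes is that a structural check never distinguishes the attacker’s image from the genuine one: both pass `looks_like_uefi_app`, so the presence-only loader executes both and even a one-bit tamper goes through. Only the integrity check, whether a pinned digest as here or a proper signature chained to the device’s root of trust, turns the partition from an attacker-writable code source into a verified one.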
Writing into that partition, however, is not something a typical user or app can do directly. The operating system’s defenses, and in particular SELinux running in enforcing mode, normally block any unauthorized write attempt.
To overcome this obstacle, the exploit authors discovered another flaw, chaining it to the first to obtain the necessary permissions.
A specific fastboot command, ostensibly intended to manage GPU memory preallocation, accepts its parameters without any sanitization or filtering.
By appending a custom string to the command, it becomes possible to force SELinux into permissive mode, which removes the write restriction and paves the way for installing modified UEFI code.
The practical application of this sophisticated chain of vulnerabilities immediately found fertile ground on Xiaomi devices, particularly on the all-new 17 series, the Redmi K90 Pro Max and the POCO F8 Ultra.
Using the elevated privileges of a diagnostic app built into HyperOS, the procedure injects the custom software. On the next reboot the code runs and sets the unlock parameters exactly as would happen through the OEM’s official, authorized channel.
The discovery was met with great enthusiasm by Chinese users, who in recent months had been at odds with the manufacturer’s stringent unlock-approval policies, often tied to long waiting periods and passing a qualifying questionnaire.
Xiaomi has nevertheless already moved to curb the phenomenon, promptly distributing corrective updates that neutralize the procedure; for this reason, many specialized forums suggest temporarily disabling internet connectivity to prevent automatic firmware updates. Note that this only delays the patch: once the update is installed, the procedure no longer works.
At present, the true global scope of this weakness remains to be clarified. Since the vulnerability is tied to Android 16 features, the issue should in theory extend to every manufacturer that adopts Qualcomm’s standard boot solution, though each brand’s software customizations would require a different exploit chain to reach the partition.
A notable exception is Samsung, which relies on its own proprietary S-Boot and therefore appears immune to this specific chain.
Qualcomm has already fixed the error in the implicated fastboot command, closing the initial entry point, but it is not yet known whether the structural flaw in GBL loading has been definitively patched and distributed to its commercial partners. Until that is confirmed, the fastboot fix should be read as closing one path to the partition, not as a fix for the missing authenticity check itself.