A new vulnerability has been discovered in the Android world that could change how manufacturers view smartphone bootloader locking. Researchers have found a way to bypass restrictions in the Qualcomm bootloader architecture, making it possible to run unsigned code and unlock the bootloader on some modern flagship devices previously considered nearly impossible to modify.
The issue relates to how the Generic Bootloader Library (GBL) component is loaded. On devices with Android 16, the Qualcomm bootloader attempts to load this module from the efisp partition, but it only checks for the presence of a UEFI application, not its authenticity. This creates an opportunity to replace the partition's contents and execute arbitrary code. The exploit has been tentatively named the Qualcomm GBL Exploit and has been actively discussed in the developer community in recent days.
The mechanism itself requires a chain of additional vulnerabilities. To write data to the efisp partition, attackers first switch SELinux from enforcing to permissive mode. This became possible due to an error in the fastboot oem set-gpu-preemption command, which accepts additional parameters without verification. As a result, a system startup parameter can be added that changes the SELinux mode and allows the attack to proceed.
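The missing check on the command's argument can be illustrated with an added example (not Qualcomm's or any vendor's code): a handler that accepts exactly one allowed value and builds the startup-parameter fragment from the validated value, never from the caller's bytes. The function names and the key example.gpu_preemption are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical key name; the page does not give the real one. */
#define PREEMPT_KEY "example.gpu_preemption"

/* Accept exactly "0" or "1": no whitespace, no trailing tokens. */
static int parse_preemption_arg(const char *arg, int *value)
{
    if (arg == NULL || value == NULL)
        return -1;
    if (strcmp(arg, "0") == 0) { *value = 0; return 0; }
    if (strcmp(arg, "1") == 0) { *value = 1; return 0; }
    return -1;
}

/* Build the fragment from the validated value only, so nothing the
 * caller typed is ever copied into the startup parameters.
 * Returns the length written, or -1 on rejection or a short buffer. */
static int build_preemption_fragment(const char *arg, char *out, size_t out_len)
{
    int value;
    int n;

    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (parse_preemption_arg(arg, &value) != 0)
        return -1;
    n = snprintf(out, out_len, "%s=%d", PREEMPT_KEY, value);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';          /* never leave a truncated fragment */
        return -1;
    }
    return n;
}

int main(void)
{
    /* Constructed inputs: one valid, one with an extra token appended. */
    const char *samples[] = { "1", "0 extra.param=value" };
    char buf[64];

    for (size_t i = 0; i < 2; i++) {
        int n = build_preemption_fragment(samples[i], buf, sizeof buf);
        printf("%-22s -> %s\n", samples[i], n < 0 ? "rejected" : buf);
    }
    return 0;
}
```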
In practice, this chain has already been used to unlock bootloaders on several new devices, including the Xiaomi 17, Redmi K90 Pro Max, and POCO F8 Ultra, all built on the flagship Snapdragon 8 Elite Gen 5 chip. Qualcomm has confirmed the existence of the problem and stated that fixes were already delivered to smartphone manufacturers in early March 2026. Users are advised to install security updates, although these will likely close this newfound bootloader unlocking opportunity.