
This Snapdragon 8 Elite Gen 5 Exploit Lets Xiaomi 17 Users Bypass Bootloader Lock on Android 16

Xiaomi 17 in China has been affected but a fix is on the way with upcoming HyperOS release

by Abubakar Mohammed

[Image: Qualcomm Snapdragon 8 Elite Gen 5 illustration. Image Credit: Qualcomm]

Summary

  • The Qualcomm GBL Exploit abuses the Android Bootloader (ABL) on Android 16, which loads the Generic Bootloader Library without verifying it, to allow unsigned code execution on Snapdragon 8 Elite Gen 5.
  • By chaining this flaw with a fastboot command that switches SELinux to Permissive, a custom app can unlock the bootloader.
  • This lets users bypass the unlocking rules on the Xiaomi 17, although no reports involving other phones have surfaced yet.

Not long after the discovery of the recent MediaTek vulnerability, a new exploit chain has come knocking on Qualcomm's door. This time, it affects flagship smartphones running Android 16, allowing users to bypass OEM restrictions on Snapdragon 8 Elite Gen 5-powered smartphones. As a result, Xiaomi 17 users can now unlock the bootloader.

Xiaomi 17 bootloader unlock possible now

First reported by Android Authority with input from developer Roger Ortiz, a new exploit discovered in Qualcomm processors allows effortless bootloader unlocking, primarily on recent Xiaomi smartphones powered by the Snapdragon 8 Elite Gen 5 chipset.

[Image: Qualcomm Snapdragon 8 Elite Gen 5 illustration. Image Credit: Beebom Gadgets]

Dubbed the Qualcomm GBL Exploit, the vulnerability targets how these smartphones load the Generic Bootloader Library (GBL). On Android 16, Qualcomm's Android Bootloader (ABL) loads the GBL from the efisp partition but fails to verify its authenticity, allowing unsigned code execution.

Think of it as opening the door to let one of two visitors into your home and then forgetting to close it, so the other walks in as well. To make the exploit work, it is chained with a second security flaw.

By abusing a fastboot command, fastboot oem set-gpu-preemption, users can force the phone's SELinux security into Permissive mode. After a reboot, a custom app then runs unchecked and permanently unlocks the bootloader.

[Image: Xiaomi 17 in blue colourway from the back and front. Image Credit: Xiaomi]

For those unaware, SELinux is a security module in Android's kernel that blocks actions, even ones attempted with root privileges, if they are not permitted by Android's security policy. The fastboot command allows a user with Developer Options turned on to override that security setting.
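A defender-side posture check, added here as an example and not taken from the report, Qualcomm or Xiaomi: it parses the output a device would return to `adb shell getprop` and `adb shell getenforce` and flags the two symptoms the chain above leaves behind, SELinux in Permissive mode and a bootloader that reports itself unlocked. The getprop lines and the `collect_*` helpers are constructed for the example; the property names are standard Android ones.

```sh
#!/bin/sh
# Constructed sample of getprop output as an exploited device might report it.
SAMPLE_PROPS='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.version.release]: [16]'
SAMPLE_ENFORCE='Permissive'

# Constructed sample of a healthy device for comparison.
CLEAN_PROPS='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.build.version.release]: [16]'

# prop_value NAME PROPS: print the value of NAME from getprop-style lines.
prop_value() {
    printf '%s\n' "$2" | sed -n "s/^\[$1\]: \[\(.*\)\]$/\1/p"
}

# assess_device PROPS ENFORCE: print one FINDING line per symptom.
# Exit status 0 when the device looks clean, 1 when anything was flagged.
assess_device() {
    props=$1; enforce=$2; findings=0
    case "$enforce" in
        Enforcing) ;;
        Permissive) echo "FINDING: SELinux is Permissive"; findings=$((findings + 1)) ;;
        *) echo "FINDING: unrecognised SELinux state '$enforce'"; findings=$((findings + 1)) ;;
    esac
    if [ "$(prop_value ro.boot.flash.locked "$props")" = "0" ]; then
        echo "FINDING: bootloader reports unlocked (ro.boot.flash.locked=0)"
        findings=$((findings + 1))
    fi
    vbstate=$(prop_value ro.boot.verifiedbootstate "$props")
    if [ "$vbstate" != "green" ]; then
        echo "FINDING: verified boot state is '$vbstate' (expected green)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Hypothetical collectors for a real device; they only need adb on the PATH.
collect_props()   { adb shell getprop; }
collect_enforce() { adb shell getenforce; }

# Run against the constructed samples when executed directly.
if [ "${1:-}" = "--demo" ]; then
    assess_device "$SAMPLE_PROPS" "$SAMPLE_ENFORCE" || echo "device flagged"
    assess_device "$CLEAN_PROPS" Enforcing && echo "clean device"
fi
```

Against a live device the same check is `assess_device "$(collect_props)" "$(collect_enforce)"`; a Permissive result on a device the owner never unlocked is the signal worth investigating.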

This workaround has been a massive breakthrough for Xiaomi 17 users in China, allowing them to bypass the brand's strict unlocking restrictions, which require users to wait for weeks. However, the vulnerability could be patched soon, as the report suggests Xiaomi is preparing a new Hyper OS 3.0.304.0 update to fix the issue.

While there have been no reports of this chain working on other Snapdragon 8 Elite Gen 5 smartphones such as the Galaxy S26 Ultra or OnePlus 15, the exploit could theoretically allow users to unlock the bootloader on other devices too. Users fed up with Samsung's recent decision to kill Odin could potentially try this at their own risk.

Guides Writer

Abubakar is a seasoned tech journalist who covers everything Android and consumer electronics. He is a die-hard self-repair enthusiast who loves to dive into the specifics of consumer tech. In his free time, you will find him writing lyrical poetry. He has previously worked with Android Police and How-To Geek.