Robert Triggs / Android Authority
TL;DR
- Qualcomm confirmed that fixes for the GBL exploit were provided to Android device makers earlier this month.
- The exploit, discovered by Xiaomi ShadowBlade Security Lab, was a key component in unlocking bootloaders on Snapdragon 8 Elite Gen 5 phones.
- While Qualcomm recommends immediately updating phones as soon as security updates are available, these security patches will effectively close the loophole used for bootloader unlocking.
We recently reported on the new Qualcomm GBL exploit, which was chained with other exploits to unlock the bootloaders of several Snapdragon 8 Elite Gen 5 flagship phones. Qualcomm has now shared with us a statement on the GBL exploit, confirming that fixes have already been provided to Android brands.
Don’t want to miss the best from Android Authority?
A Qualcomm spokesperson shared with us the following statement:
Developing technologies that endeavor to support robust security and privacy is a priority for Qualcomm Technologies. We commend the researchers from the Xiaomi ShadowBlade Security Lab for using coordinated disclosure practices. Regarding their GBL-related research, fixes were made available to our customers in early March 2026. We encourage end users to apply security updates as they become available from device makers.
The statement attributes the research behind the GBL exploit to the Xiaomi ShadowBlade Security Lab, and notes that fixes for it were made available to Android brands earlier this month.
Qualcomm’s statement encourages users to install security updates as soon as they become available, which is great advice for everyone. However, as we noted in our original coverage, these security updates will patch the exploit and close the loophole used to unlock the bootloaders of some notoriously difficult-to-unlock devices, so Android enthusiasts might want to hold off on updates (as long as they understand all associated risks).
There are still some unknowns. Qualcomm’s statement does not mention which devices are affected. Based on our investigation, it appears that Snapdragon 8 Elite Gen 5-based flagships from all OEMs (except Samsung) are susceptible to the GBL exploit. Xiaomi’s flagship lineup has been successfully bootloader-unlocked using the GBL exploit chained with other exploits. However, further exploits in the chain will differ across brands, which affects how useful the GBL exploit is to the Android enthusiast community eagerly awaiting bootloader unlocking. Hopefully, we can see bootloader unlocking become available for more phones before the security patches are widely rolled out.
Thank you for being part of our community. Read our Comment Policy before posting.
