A pair of critical vulnerabilities has been discovered in Xiaomi’s popular Redmi Buds series, exposing users to privacy leaks and persistent denial-of-service (DoS) attacks. According to a new vulnerability note from CERT/CC, the flaws affect Redmi Buds 3 Pro through 6 Pro, allowing attackers within Bluetooth range to crash devices or steal sensitive call data without ever pairing or authenticating.
The most alarming discovery is CVE-2025-13834, an information leak vulnerability that researchers are comparing to one of the most famous bugs in internet history.
The vulnerability note states: “Notably, the mechanism of this vulnerability is closely related to the infamous Heartbleed bug (CVE-2014-0160)”.
Like Heartbleed, this flaw stems from a failure to properly check the length of incoming data packets. When the device receives a specifically crafted RFCOMM TEST command with a large length field but an empty payload, the firmware “blindly trusts” the request and returns a buffer of uninitialized memory.
The impact of this memory bleed is immediate and personal. “An attacker can exploit this behavior to steal up to 127 bytes of potentially sensitive data, such as the phone number of a user’s active call peer, with a single packet”. This attack can be performed repeatedly without the user noticing, silently siphoning data from the device’s memory pool.
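To make the length-trust mistake described above concrete, here is an added illustration in C (not code from the CERT/CC note, Xiaomi or Airoha): a deliberately simplified model of a TEST echo handler that trusts the declared length, next to the check that closes the leak. The frame layout, handler names and the "stale" sample data are assumptions made for the demo, not the real RFCOMM format or the affected firmware.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of a length-prefixed TEST (echo) request, assumed for
 * illustration only; not the real RFCOMM frame layout or any vendor code. */
#define RX_BUF_SIZE 128

typedef struct {
    uint8_t declared_len;     /* length field taken from the frame header */
    const uint8_t *payload;   /* bytes that actually arrived */
    size_t payload_len;
} test_cmd_t;

/* Shared receive buffer: in real firmware it keeps whatever was processed
 * earlier, which is why echoing past the received bytes leaks memory. */
static uint8_t rx_buf[RX_BUF_SIZE];

/* Vulnerable pattern: trusts declared_len and echoes that many bytes from the
 * receive buffer although only payload_len bytes were actually written. */
size_t handle_test_unchecked(const test_cmd_t *cmd, uint8_t *out, size_t out_size) {
    size_t n = cmd->declared_len;
    if (n > out_size) n = out_size;
    memcpy(rx_buf, cmd->payload, cmd->payload_len);  /* bytes past here are stale */
    memcpy(out, rx_buf, n);                           /* echoes the stale tail too */
    return n;
}

/* Hardened pattern: the length field must equal the bytes received and the
 * echo must fit both buffers. Malformed requests echo nothing (returns 0). */
size_t handle_test_checked(const test_cmd_t *cmd, uint8_t *out, size_t out_size) {
    if (cmd->declared_len != cmd->payload_len) return 0;  /* length/payload mismatch */
    if (cmd->payload_len > RX_BUF_SIZE || cmd->payload_len > out_size) return 0;
    memcpy(rx_buf, cmd->payload, cmd->payload_len);
    memcpy(out, rx_buf, cmd->payload_len);
    return cmd->payload_len;
}

/* Demo helper: pre-fill the receive buffer with constructed "stale" data
 * (a made-up call-peer number) so a leak is observable in the echo. */
void seed_stale_data(void) {
    memset(rx_buf, 0, sizeof rx_buf);
    memcpy(rx_buf, "+1555000123", 11);  /* constructed sample, not real data */
}

/* True if a zero-payload request declaring 127 bytes gets stale bytes echoed. */
bool leaks_stale_bytes(size_t (*handler)(const test_cmd_t *, uint8_t *, size_t)) {
    uint8_t out[RX_BUF_SIZE];
    seed_stale_data();
    test_cmd_t cmd = { .declared_len = 127, .payload = (const uint8_t *)"", .payload_len = 0 };
    size_t n = handler(&cmd, out, sizeof out);
    return n > 0 && memcmp(out, "+1555000123", 11) == 0;
}
```

The same declared-length-versus-received-length check is the fix pattern that closed Heartbleed, and it is the single condition a firmware reviewer should look for in any echo or read-back command handler.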
The second vulnerability, CVE-2025-13328, targets the device’s availability. By flooding the earbuds’ standard control channels with a high volume of commands, an attacker can overwhelm the processing queue, leading to resource exhaustion.
This isn’t just a momentary glitch; the attack forces the firmware to crash and terminates any active connections. “To restore functionality, the earbuds must be physically reset by returning them to the charging case”.
The researchers noted that this flooding attack works across multiple channels, including the standard Hands-Free Profile (HFP) and an undocumented “Airoha auxiliary service channel” that was likely intended for internal vendor use.
What makes these vulnerabilities particularly dangerous is the low barrier to entry. The attack requires no user interaction, no pairing, and no authentication.
“The only prerequisite for exploitation is obtaining the MAC address of the target device, which can be discovered through basic Bluetooth sniffing tools”.
In testing, researchers were able to execute these attacks from approximately 20 meters away using standard equipment, though walls and interference could affect the range.
Currently, there is no official patch available. The report states that “Xiaomi could not be reached for statements regarding remediation plans or mitigation guidance”.
Until a firmware update is released, the only effective defense is to minimize exposure. “To reduce exposure, users are advised to disable Bluetooth when the earbuds are not in use, particularly in public or shared environments”.