************************************************************************************************
AmbiqSuite 3.2.0 Known Defects and Patches

The included directories can be dragged and dropped in the base directory /Ambiqsuite/ to replace only the affected files.
The change list and updated files are provided below. In some instances, the same file may be affected by multiple patches. In such cases, only the latest, superset version will be provided.

************************************************************************************************
--------------------------------------------------------------------------------------------------------
General Known Defects and Updates

* KD#1 Updated uart_ble_bridge example - Fix XTAL trimming issue.
- Description: 	Fixed an issue where am_util_ble_crystal_trim_set was called before BLE patch loading was complete,
				causing a hard fault in the uart_ble_bridge example. Moved am_util_ble_crystal_trim_set to after
				BLE controller initialization in hci_drv_apollo3.c.
- File/Update: 	Updated the example for the following boards. Replace existing folders and rebuild the example.
		apollo3_evb
		apollo3p_evb

* KD#2 Updated BLE examples - AMOTA profile configuration updates.
- Description: Profile configuration updates across multiple board examples for AMOTA to avoid overlap.
- File/Update: Updated BLE examples with AMOTA profile for the following boards. Replace existing folders and rebuild the example.
		apollo3_evb
		apollo3p_evb

* KD#3 Updated hello_fault and pwr_mspi examples - trivial updates on mcuctrl_control.
- Description: 	Updates of function calls to am_hal_mcuctrl_control() to use NULL instead of 0 for the "void*" argument.
- File/Update: 	Updated the examples for the following boards. Replace existing folders and rebuild the example.
		apollo3_evb
		apollo3p_evb
				
* KD#4 Code quality improvements for BLE profiles
- Description: Code quality improvements: memcpy calls now use explicit (uint8_t *) casts, and a comment was added to avoid a GCC compiler compatibility warning.
- File/Update:
		ambiq_ble/apps/adv_ext/adv_ext_main.c
		ambiq_ble/apps/amdtpc/amdtp_main.c
		ambiq_ble/apps/amdtps/amdtp_main.c
		ambiq_ble/apps/amota/amota_main.c
		ambiq_ble/apps/ancs/ancs_main.c
		ambiq_ble/apps/beaconscanner/beaconscanner_main.c
		ambiq_ble/apps/ibeacon/ibeacon_main.c

* KD#5 CMSIS library updates
- Description: Updated libraries in CMSIS
- File/Update:	- apollo3 and apollo3p MCU register definition updates or formatting changes.
		- CMSIS arm_math.h significantly reduced (minimal version)
		- DSP function headers updated
		- Core ARM headers updated

* KD#6 SVD file changes
- Description: SVD files updated with new register definitions
- File/Update: 	pack/SVD/apollo3.svd
				pack/SVD/apollo3p.svd
   
* KD#7 Cordio BLE stack enhancements
- Description: Enhanced security features in the BLE host stack and profiles, and updated HCI event handling.
- File/Update: 	third_party/cordio/ble-host
		third_party/cordio/ble-profiles
		third_party/cordio/wsf

* KD#8 Add timeout for am_hal_itm_disable()
- Description: Replaced original polling function in am_hal_itm_disable() with a timeout, consistent with newer Ambiq SoCs.
- File/Update: 	
		\mcu\apollo3\hal\am_hal_itm.c
		\mcu\apollo3p\hal\am_hal_itm.c

* KD#9 Fix for am_hal_mcuctrl_control()
- Description: Added validation of pArgs before being used in the am_hal_mcuctrl_control() function
- File/Update: 	
		\mcu\apollo3\hal\am_hal_mcuctrl.c
		\mcu\apollo3p\hal\am_hal_mcuctrl.c

* KD#10 Added while(1) for reset
- Description: Added while(1) to am_hal_reset_control() for SWPOR and SWPOI so nothing else gets executed during a pending reset.
- File/Update: 	
		\mcu\apollo3\hal\am_hal_reset.c
		\mcu\apollo3p\hal\am_hal_reset.c

* KD#11 Reverted erroneous DMA restriction in ADC and PDM HAL
- Description: Removed a restriction on DMA to/from DTCM in am_hal_adc_configure_dma() and am_hal_dma_param_setup().
- File/Update: 	
		\mcu\apollo3\hal\am_hal_adc.c
		\mcu\apollo3\hal\am_hal_pdm.c
		
* KD#12 Reverted Ambiq Throughput APK to v2.3.7
- Description: Reverted the Ambiq Throughput APK to v2.3.7 due to install issues on newer Android phones.
- File/Update: 	
		\tools\ble_throughput_app

* KD#13 Updated AMOTA APK 
- Description: Updated the AMOTA APK to support Android 15.
- File/Update: 	
		\tools\apollo3_amota

--------------------------------------------------------------------------------------------------------
Cordio BLE Stack Updates

This portion of the document summarizes known security vulnerabilities affecting the Cordio BLE stack
and describes their remediation status within AmbiqSuite SDK 3.2.0.
The vulnerabilities listed below are associated with publicly disclosed CVEs from 2024. 
All identified issues have been reviewed and addressed through manual code changes, 
configuration hardening, and/or defensive runtime checks as applicable.
--------------------------------------------------------------------------------------------------------

* #1  CVE-2024-48981
- Description: Publicly reported vulnerability affecting Cordio BLE stack behavior under specific malformed or unexpected BLE inputs.
- Status: The vulnerability was already fixed on April 22, 2021, prior to the issue being reported.
- File/Update: 	N/A

* #2  CVE-2024-48982
- Description: Vulnerability related to improper handling of BLE protocol state or data structures.
- Status: Fix has been implemented by adding minimum length validation for Command Complete/Status events
- File/Update: 	third_party\cordio\ble-host\sources\hci\ambiq\hci_evt.c
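
The minimum-length check named in the Status line above, as an added example (not Ambiq's or Cordio's code). All function and macro names are hypothetical; the event codes and field order are those of the Bluetooth Core Specification, and the sample events are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EVT_HDR_LEN        2u     /* Event_Code, Parameter_Total_Length */
#define EVT_CMD_CMPL       0x0Eu
#define EVT_CMD_STATUS     0x0Fu
#define CMD_CMPL_MIN_LEN   3u     /* Num_HCI_Command_Packets, Opcode(2) */
#define CMD_STATUS_MIN_LEN 4u     /* Status, Num_HCI_Command_Packets, Opcode(2) */

/* Returns the command opcode carried by a Command Complete or Command
 * Status event, or -1 if the event is too short to hold one (or is some
 * other event). `rx_len` is the number of bytes actually received. */
static int32_t cmd_evt_opcode(const uint8_t *evt, size_t rx_len)
{
    const uint8_t *p;
    uint8_t plen;

    if (rx_len < EVT_HDR_LEN) return -1;
    plen = evt[1];
    if (plen > rx_len - EVT_HDR_LEN) return -1;   /* header overclaims */
    p = evt + EVT_HDR_LEN;
    switch (evt[0]) {
    case EVT_CMD_CMPL:
        if (plen < CMD_CMPL_MIN_LEN) return -1;
        return p[1] | (p[2] << 8);
    case EVT_CMD_STATUS:
        if (plen < CMD_STATUS_MIN_LEN) return -1;
        return p[2] | (p[3] << 8);
    default:
        return -1;
    }
}

/* Constructed samples (not captured traffic). */
static const uint8_t cmpl_ok[]      = { 0x0E, 0x04, 0x01, 0x03, 0x0C, 0x00 };
static const uint8_t cmpl_short[]   = { 0x0E, 0x01, 0x01 };
static const uint8_t status_ok[]    = { 0x0F, 0x04, 0x00, 0x01, 0x0D, 0x20 };
static const uint8_t status_short[] = { 0x0F, 0x03, 0x00, 0x01, 0x0D };

int main(void)
{
    printf("%ld %ld\n", (long)cmd_evt_opcode(cmpl_ok, sizeof cmpl_ok),
           (long)cmd_evt_opcode(cmpl_short, sizeof cmpl_short));
    printf("%ld %ld\n", (long)cmd_evt_opcode(status_ok, sizeof status_ok),
           (long)cmd_evt_opcode(status_short, sizeof status_short));
    return 0;
}
```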

* #3  CVE-2024-48983
- Description: Reported issue involving potential instability or denial-of-service scenarios.
- Status: Fix has been implemented by adding integer overflow checks in WSF message allocation.
		Based on mbed-ce/mbed-os PR #388, overflow protection was added to prevent integer wrap-around
		when calculating buffer sizes.
- File/Update:	third_party\cordio\ble-host\sources\hci\ambiq\hci_tr.c
				third_party\cordio\wsf\sources\port\freertos\wsf_msg.c
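
The wrap-around described in the Status line above, shown next to a checked size computation, as an added example (not the WSF source or the referenced PR). The header type, the function names and the 16-bit length parameter are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header stored in front of every message payload. */
typedef struct msg_hdr {
    struct msg_hdr *next;
    uint8_t handler_id;
} msg_hdr_t;

/* Unchecked form: the sum is truncated to 16 bits, so a length near
 * UINT16_MAX produces a total smaller than the header itself. */
static uint16_t total_len_unchecked(uint16_t payload_len)
{
    return (uint16_t)(payload_len + sizeof(msg_hdr_t));
}

/* Hardened allocator: refuses the request rather than handing back a
 * buffer smaller than the caller believes it owns. */
static void *msg_alloc(uint16_t payload_len)
{
    msg_hdr_t *hdr;

    if (payload_len > UINT16_MAX - sizeof(msg_hdr_t)) return NULL;
    hdr = calloc(1, (uint16_t)(payload_len + sizeof(msg_hdr_t)));
    return hdr ? (void *)(hdr + 1) : NULL;  /* payload follows the header */
}

/* Allocates and releases once; returns 1 if the request was accepted. */
static int alloc_accepted(uint16_t payload_len)
{
    void *p = msg_alloc(payload_len);
    int ok = (p != NULL);

    if (ok) free((msg_hdr_t *)p - 1);
    return ok;
}

int main(void)
{
    printf("unchecked total for 0xFFFF: %u (header alone is %u)\n",
           (unsigned)total_len_unchecked(0xFFFF), (unsigned)sizeof(msg_hdr_t));
    printf("32 accepted: %d, 0xFFFF accepted: %d\n",
           alloc_accepted(32), alloc_accepted(0xFFFF));
    return 0;
}
```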

* #4  CVE-2024-48984
- Description: Vulnerability impacting robustness of BLE event or packet handling.
- Status: Fix has been implemented by adding bounds checking in hciEvtProcessLeExtAdvReport.
		Based on mbed-ce/mbed-os PR #387, buffer bounds validation was added to prevent reading
		beyond the event data when parsing extended advertising reports.
- File/Update: 	third_party\cordio\ble-host\sources\hci\ambiq\hci_evt.c
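
The kind of bounds validation described in the Status line above, as an added example (not the code of hciEvtProcessLeExtAdvReport or of the referenced PR). Names are hypothetical; the 24-byte fixed part of each report follows the Bluetooth Core Specification field list, each report's fields are assumed to be laid out consecutively, and the sample event is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RPT_FIXED_LEN    24u  /* bytes per report before its Data field */
#define RPT_DATA_LEN_OFF 23u  /* Data_Length is the last fixed byte */

/* Walks an LE Extended Advertising Report subevent. `p` points at the
 * Num_Reports byte and `len` is the number of bytes actually received
 * from there on. Returns the report count when every report lies inside
 * the buffer, or -1 as soon as a field would be read past its end. */
static int ext_adv_validate(const uint8_t *p, size_t len)
{
    size_t off = 1;
    uint8_t num, i, data_len;

    if (len < 1) return -1;
    num = p[0];
    for (i = 0; i < num; i++) {
        if (len - off < RPT_FIXED_LEN) return -1;  /* fixed fields truncated */
        data_len = p[off + RPT_DATA_LEN_OFF];
        off += RPT_FIXED_LEN;
        if (len - off < data_len) return -1;       /* Data_Length overclaims */
        off += data_len;
    }
    return num;
}

/* Constructed sample: `num` is written to Num_Reports and `claimed` to the
 * first report's Data_Length, while only `received` bytes are presented. */
static int check_sample(uint8_t num, uint8_t claimed, size_t received)
{
    uint8_t evt[1 + RPT_FIXED_LEN + 255] = {0};

    evt[0] = num;
    evt[1 + RPT_DATA_LEN_OFF] = claimed;
    return ext_adv_validate(evt, received);
}

int main(void)
{
    printf("well-formed: %d\n", check_sample(1, 5, 30));
    printf("Data_Length too large: %d\n", check_sample(1, 200, 30));
    printf("Num_Reports too large: %d\n", check_sample(2, 5, 30));
    return 0;
}
```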

* #5  CVE-2024-48985
- Description: Issue related to memory handling or unexpected protocol interaction.
- Status: The vulnerability was already fixed on April 22, 2021, prior to the issue being reported.
- File/Update: 	N/A

* #6  CVE-2024-48986
- Description: Reported weakness allowing malformed input to affect BLE stack operation.
- Status: Fix has been implemented by handling variable-length vendor-specific events.
		Based on mbed-ce/mbed-os PR #385, extra allocation was added for variable-length
		HCI events to prevent buffer overflow.
- File/Update: 	third_party\cordio\ble-host\sources\hci\ambiq\hci_evt.c
				third_party\cordio\ble-host\sources\stack\dm\dm_main.c
				third_party\cordio\ble-profiles\sources\apps\fit\fit_main.c
