************************************************************************************************
AmbiqSuite 5.1.0 Known Defects and Patches

The included directories can be dragged and dropped into the base directory /Ambiqsuite/ to replace only the affected files.
The change list and updated files are provided below. In some instances, the same file may be affected by multiple patches. In such cases, only the latest, superset version is provided.

************************************************************************************************
--------------------------------------------------------------------------------------------------------
General Known Defects and Updates

* KD #1 New BLE Examples
- Description: Added several new BLE examples to help developers test BLE features.
- File/Update: Please add the examples into board\apollo510b_evb and rebuild the example. Newly added examples:
		ble_freertos_central_past
		ble_freertos_central_subrate
		ble_freertos_cssa
		ble_freertos_periodic_adv
		ble_freertos_peripheral_past
		ble_freertos_peripheral_subrate
		
* KD #2 Updated BLEC firmware
- Description: Updated BLEC firmware to v4.5.1.0.
- File/Update: See \docs\releasenotes\BLE_Firmware_Release_Notes.txt. In the ble_firmware_update example section, rebuild the example.
				third_party\cordio\ble-host\sources\hci\ambiq\em9305\ble_fw_image_em9305.h
				third_party\cordio\ble-host\sources\hci\ambiq\em9305\hci_drv_em9305.h

* KD #3 Rollback BLE Throughput Test Android Application
- Description: The BLE throughput test Android application has been rolled back to v2.3.7.
- File/Update: Remove the existing Ambiq BLE Test v2.3.8.apk in tools\ble_throughput_app and replace it with Ambiq BLE Test v2.3.7.apk. Users can install the rolled-back version on their Android phone for testing.

* KD #4 Update BLE AMOTA firmware update Android Application
- Description: The BLE over-the-air firmware updater Android application has been updated to v2.0.0 to support newer Android versions.
- File/Update: Remove the existing Application-debug.apk in tools\apollo5_amota and replace it with Ambiq_AMOTA_2.0.0-signed.apk. Users can install the latest version on their Android phone for testing.

--------------------------------------------------------------------------------------------------------
Cordio BLE Stack Updates

This portion of the document summarizes known security vulnerabilities affecting the Cordio BLE stack
and describes their remediation status within AmbiqSuite SDK 5.1.0.
The vulnerabilities listed below are associated with publicly disclosed CVEs from 2024. 
All identified issues have been reviewed and addressed through manual code changes, 
configuration hardening, and/or defensive runtime checks as applicable.
--------------------------------------------------------------------------------------------------------

* #1  CVE-2024-48981
- Description: Publicly reported vulnerability affecting Cordio BLE stack behavior under specific malformed or unexpected BLE inputs.
- Status: Already fixed on April 22, 2021, before the issue was reported.
- File/Update: 	N/A

* #2  CVE-2024-48982
- Description: Vulnerability related to improper handling of BLE protocol state or data structures.
- Status: Fix has been implemented by adding minimum length validation for Command Complete/Status events.
- File/Update: 	third_party\cordio\ble-host\sources\hci\ambiq\hci_evt.c

* #3  CVE-2024-48983
- Description: Reported issue involving potential instability or denial-of-service scenarios.
- Status: Fix has been implemented by adding integer overflow checks in WSF message allocation.
		Based on mbed-ce/mbed-os PR #388, overflow protection was added to prevent integer
		wrap-around when calculating buffer sizes.
- File/Update:	third_party\cordio\ble-host\sources\hci\ambiq\hci_tr.c
				third_party\cordio\wsf\sources\port\freertos\wsf_msg.c
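
Added example (not AmbiqSuite or Cordio code): the kind of wrap-around check described for CVE-2024-48983, shown on a hypothetical allocator that prepends a header to a payload whose length is 16 bits wide. The names msg_hdr_t, buf_alloc, unchecked_total, checked_total, msg_alloc and msg_free are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical message header, standing in for the stack's own header type. */
typedef struct msg_hdr {
    struct msg_hdr *next;
    uint8_t         handler_id;
} msg_hdr_t;

/* Hypothetical pool allocator whose size argument is 16 bits wide. */
static void *buf_alloc(uint16_t len) { return malloc(len); }

/* Size an unchecked computation would request: the sum is truncated to 16 bits,
 * so a large len yields a buffer smaller than the header itself. */
uint16_t unchecked_total(uint16_t len)
{
    return (uint16_t)(len + sizeof(msg_hdr_t));
}

/* Checked computation: returns 0 and stores the sum, or -1 if it would wrap. */
int checked_total(uint16_t len, uint16_t *total)
{
    if (len > UINT16_MAX - sizeof(msg_hdr_t)) {
        return -1;
    }
    *total = (uint16_t)(len + sizeof(msg_hdr_t));
    return 0;
}

/* Allocate header + payload; returns a pointer to the payload or NULL. */
void *msg_alloc(uint16_t len)
{
    uint16_t   total;
    msg_hdr_t *hdr;

    if (checked_total(len, &total) != 0) {
        return NULL;            /* refuse instead of under-allocating */
    }
    hdr = buf_alloc(total);
    if (hdr == NULL) {
        return NULL;
    }
    hdr->next = NULL;
    hdr->handler_id = 0;
    return hdr + 1;             /* payload follows the header */
}

void msg_free(void *payload) { if (payload) free((msg_hdr_t *)payload - 1); }
```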

* #4  CVE-2024-48984
- Description: Vulnerability impacting robustness of BLE event or packet handling.
- Status: Fix has been implemented by adding bounds checking in hciEvtProcessLeExtAdvReport.
		Based on mbed-ce/mbed-os PR #387, buffer bounds validation was added to prevent reading
		beyond the event data when parsing extended advertising reports.
- File/Update: 	third_party\cordio\ble-host\sources\hci\ambiq\hci_evt.c
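
Added example (not the code in hci_evt.c): a bounds-checked walk over the reports of an LE Extended Advertising Report event, as the status for CVE-2024-48984 describes. It assumes the report layout from the Bluetooth Core Specification (24 fixed bytes per report, the last being Data_Length); ext_adv_rpt_t, ext_adv_parse and sample_ok are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define RPT_FIXED_LEN 24u  /* fixed fields of one report; the last is Data_Length */
#define RPT_RSSI_OFF  13u
#define RPT_DLEN_OFF  23u

typedef struct {
    uint16_t       event_type;
    int8_t         rssi;
    uint8_t        data_len;
    const uint8_t *data;       /* points into the event buffer, not copied */
} ext_adv_rpt_t;

/* p points at Num_Reports; len is the number of event bytes from there on.
 * Returns the number of reports stored in out, or -1 if the event is malformed. */
int ext_adv_parse(const uint8_t *p, size_t len, ext_adv_rpt_t *out, int max_out)
{
    size_t off = 1;            /* invariant: off <= len */
    int n = 0;

    if (len < 1) return -1;
    for (uint8_t i = 0; i < p[0]; i++) {
        if (len - off < RPT_FIXED_LEN) return -1;   /* fixed fields truncated */
        const uint8_t *r = p + off;
        uint8_t dlen = r[RPT_DLEN_OFF];
        off += RPT_FIXED_LEN;
        if (len - off < dlen) return -1;            /* data runs past the event */
        if (n < max_out) {
            out[n].event_type = (uint16_t)(r[0] | (r[1] << 8));
            out[n].rssi = (int8_t)r[RPT_RSSI_OFF];
            out[n].data_len = dlen;
            out[n].data = p + off;
            n++;
        }
        off += dlen;
    }
    return n;
}

/* Constructed sample: Num_Reports = 1, RSSI -60 (0xC4), 3 data bytes. */
const uint8_t sample_ok[] = {
    0x01,
    0x10, 0x00, 0x00, 1, 2, 3, 4, 5, 6, 0x01, 0x00, 0xFF, 0x7F, 0xC4,
    0x00, 0x00, 0x00, 0, 0, 0, 0, 0, 0, 0x03,
    0x02, 0x01, 0x06
};
```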

* #5  CVE-2024-48985
- Description: Issue related to memory handling or unexpected protocol interaction.
- Status: Already fixed on April 22, 2021, before the issue was reported.
- File/Update: 	N/A

* #6  CVE-2024-48986
- Description: Reported weakness allowing malformed input to affect BLE stack operation.
- Status: Fix has been implemented by handling variable-length vendor-specific events.
		Based on mbed-ce/mbed-os PR #385, extra allocation was added for variable-length
		HCI events to prevent buffer overflow.
- File/Update: 	third_party\cordio\ble-host\sources\hci\ambiq\hci_evt.c
				third_party\cordio\ble-host\sources\stack\dm\dm_main.c
				third_party\cordio\ble-profiles\sources\apps\fit\fit_main.c
