Index: /trunk/doc/manual/en_US/user_GuestAdditions.xml
===================================================================
--- /trunk/doc/manual/en_US/user_GuestAdditions.xml (revision 57608)
+++ /trunk/doc/manual/en_US/user_GuestAdditions.xml (revision 57609)
@@ -1857,7 +1857,7 @@
linkend="metrics" /> for information on how to query metrics.
- Enabling Page Fusion might improve the chances for malicious
- guests to successfully attack other VMs running on the same host using
- side-channel attacks, see .
+ Enabling Page Fusion might indirectly increase the chances
+ for malicious guests to successfully attack other VMs running on the
+ same host, see .
Index: /trunk/doc/manual/en_US/user_Security.xml
===================================================================
--- /trunk/doc/manual/en_US/user_Security.xml (revision 57608)
+++ /trunk/doc/manual/en_US/user_Security.xml (revision 57609)
@@ -330,10 +330,11 @@
When Page Fusion (see )
- is enabled, a malicious guest doing a side-channel attack could be
- able to determine the address space layout of another guest running
- on the same host. This would improve the chances of the malicious guest
- to take advantage of other attack vectors he might have against the
- target VM. To prevent potential malcious guest process from doing
- such side-channel attacks, Page Fusion should be disabled.
+ is enabled, it is possible that a side-channel opens up that allows
+ a malicious guest to determin the address space layout (i.e. where
+ DLLs are typically loaded) of one other VM running on the same host.
+ This information leak in it self is harmless, however the malicious
+ guest may use it to optimize attack against that VM via unrelated
+ attack vectors. It is recommended to only enable Page Fusion if you
+ do not think this is a concern in your setup.