Doc Minor edits to Security page

Signed-off-by: Deb Taylor <deb.taylor@intel.com>

doc/asa.rst

@@ -3,84 +3,96 @@
 Security Advisory
 *****************
 
-We recommend that all developers upgrade to this v1.6 release, which addresses the following security
+We recommend that all developers upgrade to this v1.6 release, which
-issues that were discovered in previous releases:
+addresses the following security issues that were discovered in previous releases:
 
-Hypervisor Crashed When Fuzzing HC_DESTROY_VM
+Hypervisor Crashes When Fuzzing HC_DESTROY_VM
-   The input 'vdev->pdev' shall be validated properly when handling HC_SET_PTDEV_INTR_INFO,
+   The input 'vdev->pdev' should be validated properly when handling
-   to insure physical device is linked to 'vdev', otherwise hypervisor will crash when fuzzing
+   HC_SET_PTDEV_INTR_INFO to ensure that the physical device is linked to
+   'vdev'; otherwise, the hypervisor crashes when fuzzing the
    hypercall HC_DESTROY_VM with crafted input.
 
    | **Affected Release:** v1.5 and earlier.
    | Upgrade to ACRN release v1.6.
 
-Hypervisor Crashed When Fuzzing HC_VM_WRITE_PROTECT_PAGE
+Hypervisor Crashes When Fuzzing HC_VM_WRITE_PROTECT_PAGE
-   The input GPA is not validated when handling this hypercall, Invalid GPA that is not
+   The input GPA is not validated when handling this hypercall; an "Invalid
-   in the scope of the target VM's EPT address space results in hypervisor crash when
+   GPA" that is not in the scope of the target VM's EPT address space results
-   handing this hypercall.
+   in the hypervisor crashing when handling this hypercall.
 
    | **Affected Release:** v1.4 and earlier.
    | Upgrade to ACRN release v1.6.
 
-Hypervisor Crashed When Fuzzing HC_NOTIFY_REQUEST_FINISH
+Hypervisor Crashes When Fuzzing HC_NOTIFY_REQUEST_FINISH
-   The input is not validated properly when handing this hypercall, 'vcpu_id' shall be
+   The input is not validated properly when handing this hypercall;
-   less than 'vm->hw.created_vcpus' instead of 'MAX_VCPUS_PER_VM'. When the software
+   'vcpu_id' should be less than 'vm->hw.created_vcpus' instead of
-   fails to validate input properly, hypervisor will crash when handling crafted inputs.
+   'MAX_VCPUS_PER_VM'. When the software fails to validate input properly,
+   the hypervisor crashes when handling crafted inputs.
 
    | **Affected Release:** v1.4 and earlier.
    | Upgrade to ACRN release v1.6.
 
 Mitigation for Machine Check Error on Page Size Change
-   Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Malicious guest kernel could trigger this issue, CVE-2018-12207.
+   Improper invalidation for page table updates by a virtual guest operating
+   system for multiple Intel(R) Processors may allow an authenticated user
+   to potentially enable denial of service of the host system via local
+   access. A malicious guest kernel could trigger this issue, CVE-2018-12207.
 
    | **Affected Release:** v1.3 and earlier.
    | Upgrade to ACRN release v1.4.
 
 AP Trampoline Is Accessible to the Service VM
-   This vulnerability is triggered when validating the memory isolation between the VM and hypervisor. The AP Trampoline code exists in the LOW_RAM region in the hypervisor but is
+   This vulnerability is triggered when validating the memory isolation
-   potentially accessible to the Service VM. This could be used by an attacker to mount DoS
+   between the VM and the hypervisor. The AP Trampoline code exists in the
-   attacks on the hypervisor if the Service VM is compromised.
+   LOW_RAM region of the hypervisor but is potentially accessible to the
+   Service VM. This could be used by an attacker to mount DoS attacks on the
+   hypervisor if the Service VM is compromised.
 
    | **Affected Release:** v1.3 and earlier.
    | Upgrade to ACRN release v1.4.
 
 Improper Usage Of the ``LIST_FOREACH()`` Macro
-   Testing discovered that the MACRO ``LIST_FOREACH()`` was incorrectly used in some cases
+   Testing discovered that the MACRO ``LIST_FOREACH()`` was incorrectly used
-   which could induce a "wild pointer" and cause the ACRN Device Model to crash. Attackers
+   in some cases which could induce a "wild pointer" and cause the ACRN
-   can potentially use this issue to cause denial of service (DoS) attacks.
+   Device Model to crash. Attackers can potentially use this issue to cause
+   denial of service (DoS) attacks.
 
    | **Affected Release:** v1.3 and earlier.
    | Upgrade to ACRN release v1.4.
 
-Hypervisor Crashed When Fuzzing HC_SET_CALLBACK_VECTOR
+Hypervisor Crashes When Fuzzing HC_SET_CALLBACK_VECTOR
-   This vulnerability was reported by the Fuzzing tool for the debug version of ACRN. When the software fails
+   This vulnerability was reported by the Fuzzing tool for the debug version
-   to validate input properly, an attacker is able to craft the input in a form that is
+   of ACRN. When the software fails to validate input properly, an attacker
-   not expected by the rest of the application. This can lead to parts of the system
+   is able to craft the input in a form that is not expected by the rest of
-   receiving unintended inputs, which may result in an altered control flow, arbitrary control
+   the application. This can lead to parts of the system receiving
-   of a resource, or arbitrary code execution.
+   unintended inputs, which may result in an altered control flow, arbitrary
+   control of a resource, or arbitrary code execution.
 
    | **Affected Release:** v1.3 and earlier.
    | Upgrade to ACRN release v1.4.
 
 FILE Pointer Is Not Closed After Using
-   This vulnerability was reported by the Fuzzing tool. Leaving the file unclosed will cause a
+   This vulnerability was reported by the Fuzzing tool. Leaving the file
-   leaking file descriptor and may cause unexpected errors in the Device Model program.
+   unclosed will cause a leaking file descriptor and may cause unexpected
+   errors in the Device Model program.
 
    | **Affected Release:** v1.3 and earlier.
    | Upgrade to ACRN release v1.4.
 
 Descriptor of Directory Stream Is Referenced After Release
-   This vulnerability was reported by the Fuzzing tool. A successful call to ``closedir(DIR *dirp)``
+   This vulnerability was reported by the Fuzzing tool. A successful call to
-   also closes the underlying file descriptor associated with ``dirp``. Access to the released
+   ``closedir(DIR *dirp)`` also closes the underlying file descriptor
-   descriptor may point to some arbitrary memory location or cause undefined behavior.
+   associated with ``dirp``. Access to the released descriptor may point to
+   some arbitrary memory location or cause undefined behavior.
 
    | **Affected Release:** v1.3 and earlier.
    | Upgrade to ACRN release v1.4.
 
 Mutex Is Potentially Kept in a Locked State Forever
-   This vulnerability was reported by the Fuzzing tool. Here, pthread_mutex_lock/unlock pairing was not
+   This vulnerability was reported by the Fuzzing tool. Here,
-   always done. Leaving a mutex in a locked state forever can cause program deadlock,
+   pthread_mutex_lock/unlock pairing was not always done. Leaving a mutex in
-   depending on the usage scenario.
+   a locked state forever can cause program deadlock, depending on the usage
+   scenario.
 
    | **Affected Release:** v1.3 and earlier.
    | Upgrade to ACRN release v1.4.