diff --git a/AssigningDevices.md b/AssigningDevices.md
index 39165c71..39417c9f 100644
--- a/AssigningDevices.md
+++ b/AssigningDevices.md
@@ -104,6 +104,8 @@ Then enable it with `systemctl enable qubes-pre-netvm.service`
 
 See also: [​https://groups.google.com/forum/\#!topic/qubes-users/Fs94QAc3vQI](https://groups.google.com/forum/#!topic/qubes-users/Fs94QAc3vQI), [​http://wiki.xen.org/wiki/Xen\_PCI\_Passthrough](http://wiki.xen.org/wiki/Xen_PCI_Passthrough)
 
+**NOTE:** By setting the permissive flag for the PCI device, you're potentially weakening the device isolation, especially if your system is not equipped with VT-d Interrupt Remapping unit -- see [​this paper, page 7](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) for more details.
+
 Bringing PCI device back to dom0
 --------------------------------