This bug is basically just a failure to properly intercept guest writes to the IA32_HW_FEEDBACK_PTR Machine State Register (MSR), which the CPU uses to store the physical address to write performance information feedback to upon reset. As this MSR was not intercepted, a guest could write a hypervisor physical address into this MSR on sleep or hibernation (S3/S4) resume and get the CPU to corrupt hypervisor memory.