A number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. - From kernel mode a malicious guest can write to arbitrary host memory (with some constraints), affording the guest full control of the host.
AMD and Intel CPUs support hardware virtualization using specialized data structures that control various aspects of guest operation. These are the Virtual Machine Control Structure (VMCS) on Intel CPUs, and the Virtual Machine Control Block (VMCB) on AMD CPUs. Insufficient access controls allow root users, including those running in a jail, to change these data structures.