In vmx.c::vmx_get_msr(), there is some missing filtering on the PT (RTIT) MSRs. For example RTIT_CR3_MATCH:
	if ((pt_mode != PT_MODE_HOST_GUEST) ||
		(vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN))
		return 1;
	vmx->pt_desc.guest.cr3_match = data;
	break;
Here, 'cr3_match' is set to the value given by the guest. Later, in pt_load_msr(), there is a blunt WRMSR:
The Intel SDM indicates that
"IA32_RTIT_CR3_MATCH[4:0] are reserved and must be 0; an attempt to
set those bits using WRMSR causes a #GP."
Given that KVM does not ensure that the aforementioned bits are zero, it seems that the guest could #GP the host.
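To make the missing check concrete, here is an added, stand-alone illustration (not KVM code, not the reporter's code) of what a reserved-bit filter for IA32_RTIT_CR3_MATCH looks like before the value is stored for a later WRMSR. The struct, the mask name, the helper names and the bool parameter standing in for pt_mode are assumptions for this example; the reserved-bit range (4:0) is taken from the SDM quote above and TraceEn is bit 0 of IA32_RTIT_CTL.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Reserved bits of IA32_RTIT_CR3_MATCH per the SDM text quoted above: [4:0]. */
#define RTIT_CR3_MATCH_RESERVED_MASK 0x1FULL

/* TraceEn is bit 0 of IA32_RTIT_CTL. */
#define RTIT_CTL_TRACEEN_BIT (1ULL << 0)

/* Hypothetical stand-in for the relevant part of vmx->pt_desc.guest. */
struct pt_guest_state {
    uint64_t ctl;        /* guest view of IA32_RTIT_CTL */
    uint64_t cr3_match;  /* guest view of IA32_RTIT_CR3_MATCH */
};

/*
 * Returns 0 when the value is accepted and stored, 1 when the caller should
 * inject #GP into the guest (the "return 1" convention of vmx_set_msr()).
 * pt_host_guest_mode stands in for (pt_mode == PT_MODE_HOST_GUEST).
 */
int set_rtit_cr3_match(struct pt_guest_state *pt, uint64_t data,
                       bool pt_host_guest_mode)
{
    /* Existing conditions from the report: PT must be in host/guest mode and
     * tracing must not currently be enabled. */
    if (!pt_host_guest_mode || (pt->ctl & RTIT_CTL_TRACEEN_BIT))
        return 1;

    /* The missing filter: a value with reserved bits set must never reach the
     * host WRMSR, because that WRMSR would fault in the host. Reject it here
     * so the guest gets the #GP instead. */
    if (data & RTIT_CR3_MATCH_RESERVED_MASK)
        return 1;

    pt->cr3_match = data;
    return 0;
}

/* Self-checks with constructed values; each returns 1 on the expected outcome. */
int check_accepts_clean_value(void)
{
    struct pt_guest_state pt = { 0, 0 };
    return set_rtit_cr3_match(&pt, 0x7fff0000ULL, true) == 0 &&
           pt.cr3_match == 0x7fff0000ULL;
}

int check_rejects_reserved_bits(void)
{
    struct pt_guest_state pt = { 0, 0 };
    /* Bit 0 is inside [4:0]: must be refused and the stored value untouched. */
    return set_rtit_cr3_match(&pt, 0x7fff0001ULL, true) == 1 &&
           pt.cr3_match == 0;
}

int check_rejects_while_tracing(void)
{
    struct pt_guest_state pt = { RTIT_CTL_TRACEEN_BIT, 0 };
    return set_rtit_cr3_match(&pt, 0x7fff0000ULL, true) == 1;
}

int main(void)
{
    printf("clean value accepted:        %s\n",
           check_accepts_clean_value() ? "yes" : "no");
    printf("reserved bits rejected:      %s\n",
           check_rejects_reserved_bits() ? "yes" : "no");
    printf("write while tracing rejected: %s\n",
           check_rejects_while_tracing() ? "yes" : "no");
    return 0;
}
```

The same pattern applies to any of the PT MSRs with architecturally reserved bits: mask the guest-supplied value against the reserved set at the point where it is accepted from the guest, not at the point where it is loaded into hardware, so a bad value is turned into a guest #GP rather than a host fault.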