Index: /trunk/include/VBox/vmm/hm_vmx.h
===================================================================
--- /trunk/include/VBox/vmm/hm_vmx.h	(revision 74701)
+++ /trunk/include/VBox/vmm/hm_vmx.h	(revision 74702)
@@ -3448,6 +3448,6 @@
     /** 0x280 - Virtualization-exception information address.  */
     RTUINT64U       u64AddrXcptVeInfo;
-    /** 0x288 - XSS-exiting bitmap address.  */
-    RTUINT64U       u64AddrXssBitmap;
+    /** 0x288 - XSS-exiting bitmap.  */
+    RTUINT64U       u64XssBitmap;
     /** 0x290 - ENCLS-exiting bitmap address.  */
     RTUINT64U       u64AddrEnclsBitmap;
Index: /trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h
===================================================================
--- /trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h	(revision 74701)
+++ /trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h	(revision 74702)
@@ -7992,4 +7992,11 @@
      * Raise exceptions.
      */
+    /* When in VMX non-root mode and XSAVE/XRSTOR is not enabled, it results in #UD. */
+    if (    IEM_VMX_IS_NON_ROOT_MODE(pVCpu)
+        && !IEM_VMX_IS_PROCCTLS2_SET(pVCpu, VMX_PROC_CTLS2_XSAVES_XRSTORS))
+    {
+        Log(("xrstor: Not enabled for nested-guest execution -> #UD\n"));
+        return iemRaiseUndefinedOpcode(pVCpu);
+    }
     if (!(pVCpu->cpum.GstCtx.cr4 & X86_CR4_OSXSAVE))
         return iemRaiseUndefinedOpcode(pVCpu);
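Review bot: The added guard tests `VMX_PROC_CTLS2_XSAVES_XRSTORS`, but its comment and log text speak of XSAVE/XRSTOR. As far as I know the Intel SDM ties that secondary control to XSAVES and XRSTORS only, so if the enclosing function (which starts outside the hunk) emulates plain XSAVE or XRSTOR, a nested guest whose hypervisor leaves the control clear would get a #UD that hardware would not raise. Please confirm which instruction this path serves, then either drop the check or reword the comment to `/* In VMX non-root mode XSAVES/XRSTORS raise #UD unless the "enable XSAVES/XRSTORS" control is set. */`. The identical block in the hunk at `@@ -8148,4 +8155,11 @@` needs the same decision. Both blocks log the prefix `xrstor:`, which is presumably wrong for one of the two call sites and would mislead anyone reading a trace.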
@@ -8008,5 +8015,5 @@
 
     /*
-     * Calc the requested mask
+     * Calc the requested mask.
      */
     uint64_t const fReqComponents = RT_MAKE_U64(pVCpu->cpum.GstCtx.eax, pVCpu->cpum.GstCtx.edx) & pVCpu->cpum.GstCtx.aXcr[0];
@@ -8148,4 +8155,11 @@
      * Raise exceptions.
      */
+    /* When in VMX non-root mode and XSAVE/XRSTOR is not enabled, it results in #UD. */
+    if (    IEM_VMX_IS_NON_ROOT_MODE(pVCpu)
+        && !IEM_VMX_IS_PROCCTLS2_SET(pVCpu, VMX_PROC_CTLS2_XSAVES_XRSTORS))
+    {
+        Log(("xrstor: Not enabled for nested-guest execution -> #UD\n"));
+        return iemRaiseUndefinedOpcode(pVCpu);
+    }
     if (!(pVCpu->cpum.GstCtx.cr4 & X86_CR4_OSXSAVE))
         return iemRaiseUndefinedOpcode(pVCpu);
Index: /trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h
===================================================================
--- /trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h	(revision 74701)
+++ /trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h	(revision 74702)
@@ -132,5 +132,5 @@
         /*    20 */ RT_UOFFSETOF(VMXVVMCS, u64AddrVmwriteBitmap),
         /*    21 */ RT_UOFFSETOF(VMXVVMCS, u64AddrXcptVeInfo),
-        /*    22 */ RT_UOFFSETOF(VMXVVMCS, u64AddrXssBitmap),
+        /*    22 */ RT_UOFFSETOF(VMXVVMCS, u64XssBitmap),
         /*    23 */ RT_UOFFSETOF(VMXVVMCS, u64AddrEnclsBitmap),
         /*    24 */ UINT16_MAX,
