We can intercept #UD exceptions using the Exception Bitmap of the VMCS. In the VM-exit handler, we check whether the #UD was caused by a SYSCALL or SYSRET instruction; if so, we emulate the user-to-kernel or kernel-to-user transition that the instruction performs. If it was caused by anything else, we inject the #UD back into the guest.
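The decision made in that VM-exit handler, as an added sketch that is not code from the original page or from any particular hypervisor. It assumes a 64-bit guest and that the hypervisor has already copied the bytes at guest RIP into a buffer; the function names and sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define UD_VECTOR 6u /* #UD is exception vector 6, so bit 6 of the bitmap */

enum ud_action { UD_EMULATE_SYSCALL, UD_EMULATE_SYSRET, UD_REINJECT };

/* Constructed sample inputs: instruction bytes as found at guest RIP. */
static const uint8_t sample_syscall[] = { 0x0F, 0x05 };       /* syscall */
static const uint8_t sample_sysretq[] = { 0x48, 0x0F, 0x07 }; /* REX.W sysret */
static const uint8_t sample_ud2[]     = { 0x0F, 0x0B };       /* ud2 */

/* Set the #UD bit in an exception bitmap value before it is written to the VMCS. */
uint32_t enable_ud_intercept(uint32_t bitmap)
{
    return bitmap | (1u << UD_VECTOR);
}

/* Decide what the #UD exit handler should do. 'code' holds 'len' bytes that the
 * hypervisor managed to read at guest RIP (the read may stop at a page boundary). */
enum ud_action classify_ud(const uint8_t *code, size_t len)
{
    size_t i = 0;
    if (len > 0 && (code[0] & 0xF0) == 0x40)
        i = 1;                       /* skip one REX prefix (64-bit guest assumed) */
    if (len < i + 2 || code[i] != 0x0F)
        return UD_REINJECT;          /* too short or not a 0F-escape opcode */
    if (code[i + 1] == 0x05)
        return UD_EMULATE_SYSCALL;
    if (code[i + 1] == 0x07)
        return UD_EMULATE_SYSRET;
    return UD_REINJECT;              /* a genuine #UD: hand it back to the guest */
}

/* VM-entry interruption-information value that re-injects #UD: vector in bits 7:0,
 * type 3 (hardware exception) in bits 10:8, valid in bit 31, no error code. */
uint32_t ud_injection_info(void)
{
    return (1u << 31) | (3u << 8) | UD_VECTOR;
}

int main(void)
{
    return classify_ud(sample_syscall, sizeof sample_syscall) == UD_EMULATE_SYSCALL
        && classify_ud(sample_sysretq, sizeof sample_sysretq) == UD_EMULATE_SYSRET
        && classify_ud(sample_ud2, sizeof sample_ud2) == UD_REINJECT ? 0 : 1;
}
```

A truncated read (for example, only the first two bytes of the three-byte REX.W SYSRET) falls through to re-injection, so the guest still sees the exception it would have received without the intercept.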