Attacks on computer systems are well known. One of the early ways to prevent attacks (as well as to prevent poorly written code from causing problems) was to run user applications in user mode code at a low privilege level, and run system (sometimes referred to as privileged, kernel or supervisor) mode code at a high privilege level.
In general, system mode code running at system privilege level can access virtually any computing resource whereas user mode code cannot. Thus, one common contemporary attack is based upon tricking system mode code via a bug into running user mode code with a system privilege level. Through various exploits such as buffer overflows, the system mode code jumps into or returns to what is actually malicious user mode code that then takes over the flow of execution, with system mode privileges. The attack is based on the concept that while user mode code cannot access system mode data or run in system mode, the converse is not true.
Recent hardware features referred to as Supervisor Mode Access Prevention (SMAP) and Supervisor Mode Execution Prevention (SMEP) attempt to control data and execution access of supervisor mode code. However, these features do not protect against a wide class of attacks, in part because of susceptibility to mistakes in the page tables. Moreover, these features deal with user mode versus supervisor mode, and do not make any distinction for code that runs in hypervisor mode.