Ring 0 versus Ring 3 is the hardware boundary that made the Meltdown vulnerability so severe in 2018: it broke the assumption that Ring 3 code could never read Ring 0 memory, forcing every OS vendor to ship KPTI (kernel page-table isolation) patches with a real performance cost. Hypervisors like KVM add a Ring -1 on top of this exact model, which is why understanding CPL transitions here also explains how virtual machines stay isolated from each other.