[Blazespinnaker]

I am surprised this hasn’t been explained in terms of a vulnerability chain. Ie, break it up into parts. As soon as you have an oracle providing cache timing info you have a vulnerability.

Basic Bayesian analysis suggests that there is more fruit to fall off the tree.

[scott_s]

I agree: as long as side channel attacks are possible, there's always the possibility that someone else will find some other vulnerability that can be combined to create an exploit. The paper (https://meltdownattack.com/meltdown.pdf) does present it in that way: they show you the parts, then show how they fit together for a workable exploit.