I know what speculative execution is and have some understanding of spectre already. What I don't get is what it means to exploit a speculative race condition.
So the thing with speculative attacks is that you can use an invariant that is broken speculatively to leak things. In this case they use a speculative race condition to gain speculative code execution, much like you can use a normal race condition to gain real code execution. Arbitrary speculative code execution can be used to leak data which can be picked up via side channels.