Hacker News

vlovich123, today at 1:04 PM (0 replies)

I didn’t quite understand the scope of impact of the issues highlighted in the article.

> The CPU still fetches the target into the instruction cache before the protection kicks in.

> In Phantom, ordinary instructions, including a no-op, can be misinterpreted by the CPU as branches, triggering speculative behavior the program never asked for.

Is the idea that you combine these two to execute a BTB-style attack? Is there a world in which speculative cache fetching is still fine if it's non-exploitable, or is it always a risk and the performance cost of fixing the hardware negligible?

> The Fractal team showed that the conditional branch predictor has no privilege isolation at all

This one seems more serious. Now that it’s confirmed, does it provide a map for how to exploit it in a real system or is this non-exploitable in practice because of OS design choices around migration?