Cache Attack
From ECE459 L07.
If an attacker can get some memory loaded into the cache, they can extract that memory using a cache side-channel attack. Spectre and Meltdown work by first causing privileged memory to be loaded into the cache (via speculative execution) and then reading it back through a cache side-channel.
A separate but related family of side-channel attacks exploits shared execution hardware between hyperthreads on the same core; see Hyperthreading Attack.