Modern CPUs have speculative execution capabilities, which improves processor performance. Depending on the design and architecture of the CPU, speculative execution can introduce side-channel-attack vulnerabilities.
The causes of these vulnerabilities are rooted in CPU hardware design choices intended to optimize performance.
https://lwn.net/Articles/755419/
https://pdfs.semanticscholar.org/2209/42809262c17b6631c0f6536c91aaf7756857.pdf
Spectre V1 has been demonstrated to bypass protections provided by Intel SGX. Intel has updated the SGX SDK to mitigate these vulnerabilities when the SGX enclaves are rebuilt.
https://software.intel.com/sites/default/files/managed/e1/ec/SGX_SDK_Developer_Guidance-CVE-2017-5753.pdf
Spectre V1 has also been demonstrated to access protections provided by the System Management Range Register (SMRR) to access protected System Management Mode (SMM) memory.
https://blog.eclypsium.com/2018/05/17/system-management-mode-speculative-execution-attacks/
Lazy FP may particularly expose AES keys:
The FPU state may contain sensitive information such as cryptographic keys. As an example, the Intel AES instruction set (AES-NI) uses FPU registers to store round keys. It is only possible to exploit when the underlying operating system or hypervisor uses lazy FPU switching.
https://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html