You don't necessarily have to be able to read the supposedly inaccessible value itself. Seeing the timing effects of speculative execution [aborts] can be sufficient to infer actual value. Timing or PMU stats about aborts could be sufficient to infer value by binary search.
I suspect it'll be a bit more complex than that. But the "speculative reference ... higher privileged data" bit in https://lkml.org/lkml/2017/12/27/2 … , by an AMD engineer!, really hints at something very roughly in that vein.