Greg Kroah-Hartman, the primary developer of the Linux kernel, recently gave a talk at an open source gathering in Lyons. One of the things he discussed was Spectre-style vulnerabilities in Intel CPUs. He says that more of these kinds of vulnerabilities are still being found, and that existing ones haven't been fully patched.
As a reminder, these issues stem from Intel chips' attempts to predict what they'll be asked to do, and they allow one program to steal information from another regardless of security settings, even from within a virtual machine.
At this point, he recommends outright disabling hyper-threading, even with the performance hit. Apparently OpenBSD defaults to this already, and has for some time.
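To check a Linux host against this recommendation, here is an added example (not from the talk or this post) that reads the kernel's sysfs SMT control file and per-vulnerability status files and flags any mitigation still reporting SMT exposure. The sysfs paths are standard Linux kernel interfaces that the post does not mention, and the function name `smt_audit` is hypothetical.

```shell
#!/bin/sh
# Added example: audit hyper-threading (SMT) state on Linux.
# Assumes the kernel exposes /sys/devices/system/cpu/smt/control and
# /sys/devices/system/cpu/vulnerabilities/* (not mentioned in the post).
# Return codes: 0 = SMT not "on" and no file reports SMT exposure
#               1 = SMT is on, but no mitigation reports SMT exposure
#               2 = at least one mitigation reports "SMT vulnerable"

smt_audit() {
    # The root directory is a parameter so the logic can be run
    # against a constructed directory tree as well as the live host.
    root="${1:-/sys/devices/system/cpu}"
    rc=0

    # smt/control holds: on | off | forceoff | notsupported | notimplemented
    if [ -r "$root/smt/control" ]; then
        control=$(cat "$root/smt/control")
    else
        control="unknown"
    fi
    echo "smt_control=$control"
    case "$control" in
        on) rc=1 ;;
    esac

    # Each file under vulnerabilities/ holds a one-line status string.
    # Some mitigations append "SMT vulnerable" when sibling threads
    # can still leak data to each other despite the mitigation.
    for f in "$root"/vulnerabilities/*; do
        [ -r "$f" ] || continue   # also skips an unmatched glob
        status=$(cat "$f")
        case "$status" in
            *"SMT vulnerable"*)
                echo "smt_exposed=$(basename "$f"): $status"
                rc=2
                ;;
        esac
    done
    return "$rc"
}
```

Call `smt_audit` with no argument to check the running host. On Linux, SMT can be turned off at boot with the `nosmt` kernel parameter or at runtime by writing `off` to `smt/control` as root.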