One of the vulnerabilities in this mess is that Spectre crosses the VM boundary. So there is not, as yet, fully dependable protection.