basically all modern CPUs speculate loads far beyond the point where they know it's safe. this is necessary for even half-decent performance in a big pipeline.
a = x[4];
b = y[a];
c = z[b];
it may load "c" long before it even knows the load of "a" was safe!
this is fine as long as it can roll things back in the case the first load failed. completely normal
so... imagine you're not supposed to be able to know "b" because it's in kernel memory.
it'll load b, and then load z[b] to get c. then at some point it will fail and roll back.
the rollback *isn't total*.
it's like the CPU went ahead to the next page of an assignment before it was supposed to, but didn't completely hide that fact.