Actually, this vulnerability was caused by a design flaw in Intel processors. More specifically, it’s my understanding that it’s caused by an issue in the predictive processing (or whatever it’s called) that is performed by Intel’s more recent-ish processors. Consequently, it’s possible to for a carefully-designed userspace program to gain kernel privileges, allowing said program to do virtually anything. It is theoretically possible to write JS programs that do this. If such scripts were loaded in a web page, millions of people would be compromised in a shockingly short amount of time.
Since this is a CPU bug, it affects all operating systems that use these processors. It doesn’t matter if you’re running Windows 7, Windows 10, GNU/Linux, *BSD, etc. Even though I use Ubuntu, I’m still worried about how my own machines will be affected.
PS: AMD CPUs are unaffected. In fact, when a patch was submitted to the Linux Foundation, which was meant to run on all x86-based CPUs, AMD submitted a patch of their own to make the bug fix run ONLY on Intel CPUS, leaving AMD CPUs unaffected:
if (c->x86_vendor != X86_VENDOR_AMD)
Talk about a burn! Too bad I don’t have any AMD CPUs.