The "hidden processor state" is the memory contents belonging to other processes, stored as part of the CPU's memory access machinery. Every single one of these vulnerabilities involves Intel speculatively filling memory read requests from one process with data from another process without doing access checks first, and it turns out they do this all over the place: they do it from L1 cache, they do it if there's an L1 cache miss, they do it when the actual desired memory is uncacheable, they do it with store-to-load forwarding... almost every conceivable method of fulfilling a memory read on modern Intel CPUs is happy to speculatively leak secret data from other processes that shouldn't be accessible. More interestingly, AMD don't seem to do this anywhere that anyone's been able to find. (Well, technically that's not quite true... there's a speculative bypass of x86 segment limits on AMD which no-one cares about because no-one uses those anyway.)