In this specific instance, the xdcbt instruction accidentally does a bad thing in the Spectre Zone that leaks back into the real world through a side-channel in the L1 cache. Crafted malicious code could do another bad thing in the Spectre Zone that ordinarily isn't allowed in the real world, then leak the results back to the real world through any side-channel that works.

Only on Xbox 360, it could even use xdcbt vs dcbt for that side-channel. If you set code up to always execute xdcbt on core 2, and always dcbt on cores 0 and 1, you might be able to do timing-based attacks between core 0 (closer to L2) and core 1 (further from L2) comparing against core 2 (bypassing L2).

A different version of the same PowerPC chip family would have its own side-channels. All those side-channels are hardware-specific.