The point of antivirus is to preclude running malicious executables. If you don't run malicious executables then the intel flaw can't be exploited. But you don't need AV to preclude running malicious EXEs. Nor do you need any patch as long as you practice safe computing.
Sorry to rain on your parade, but people who practice safe computing can still be compromised by malware, ransomware, etc. Ads that pop-in from even Google's ad rotations have been known to carry malicious content added after they've been vetted by Google. This is one of the known ways RansomWare has been pushed onto supposedly locked down computer networks.
Another way with Meltdown could be exploited is to hide malicious code in a steganographic image that could be called by a process loaded in another "look ahead" loaded into another. Javascript was just one modality of attack presumed as a means of using this vulnerability. The real problem associated with Meltdown and the look-ahead processing is that it can be exploited by so many other means until a way is found to vet the looking ahead processing that now is independent of any such vetting. ANYTHING can be stuck in there. If it IS useful to what is needed, it's used. If not, it's discarded. That look-ahead has access to the bus. . . and any data on it.
All a bad actor has to do is figure out how to insert his code in there—and no, it does not have to be a .exe file, just machine code—and it WILL be processed.
[[If you don’t run malicious executables then the intel flaw can’t be exploited.]]
If this is true, then linux users should be very well protected against the intel flaw because it can’t run windows based malicious executables, right?