The linked advisory 254 claims that SP2 is limited to code after bounds checks and similar when SMEP is used.

This is incorrect: the BTB can be poisoned to speculatively jump anywhere in the text segment of the supervisor.