Razer has a vulnerability affecting all current laptops, where the SPI Flash is set to full read/write and the Intel CPU is left in ME Manufacturing Mode. This allows for attackers to safeguard rootkits with Intel Boot Guard, downgrade the BIOS to exploit older vulnerabilities such as Meltdown, and many other things. They have yet to look into getting a CVE assigned, saying it isn't necessary.