Do all important system changing activities need to go through the kernel on a Linux-based system?

I'm assuming it is possible for an attacker to bypass the Linux kernel to make changes to system memory, hard drives etc.