Protection of memory only exists in the context of a given set of page tables, which also provide the virtual->physical address mapping.
So, if you write a kernel module to do that, it OOPSes because you're using the same set of page tables referencing those virtual addresses as the rest of the kernel is using. Since these page tables have the protection bits set on them to disallow writing, direct attempts to modify them causes an exception (if CR0.WP is set -- do you even know what that is?). When you open a file for read/write, you are able to read/write to it. This is no different with /dev/mem. When you mmap a file for read/write (you have to specify the offset and length as well) and are given permission to do so, you are able to read/write to it. This is no different with /dev/mem. You've obviously never written any code that actually uses /dev/mem. You coupled your experience with using the normal page tables through a kernel module and tried to extrapolate it to something where it doesn't apply.
Now do what I suggested earlier and read Chapter 3 of Volume 3 of the Intel manuals and stop trying to be a smart ass. Or you can continue to post about things you have no knowledge or experience with and embarrass yourself further; your choice.