How do you inject a kernel module...
...if you don't have access to kernel memory?
Though you still can just replace the kernel image and reboot into that.
However if you run on e.g. Xen you can prevent that as well, leaving only comparatively more easy to detect user-mode root kits (ignoring possible supervisor bugs or an insecure dom0).