Well, most data is going through more layers of code. And as a rough approximation, the more code running, the more vulnerabilities. I guess this "internal" code isn't as critical of a surface because you have to get through the applications, but there is certainly still risk.
I'm still not sure I follow. Can you outline a hypothetical in which there is a practical risk, so I know what you're talking about? Obviously, neither of us has all the technical details, so just propose something.
I didn't have any attack in particular, but an example could be sending a long buffer to the kernel that causes an integer overflow and overwrites some important memory. Especially with the non-verified external RAM, it seems like you could throw some weird stuff at the kernel.