One widely used dll injection technique is copying the dll path to the target process memory and calling CreateRemoteThread() using the address of LoadLibraryA as lpStartAddress. This relies on the fact that all processes have the same base address of kernel32.dll (and some other system dlls).
On Wine only ntdll is always loaded to the same base address, so it's potentially possible to do the same for kernel32, right?