Most vulnerability associated with TCP and UDP are, in fact, problems on the application layer. For example, if an SMTP (email) server does not handle a malformed SMTP request correctly, it may let an attacker gain access to a system.
Linux has several models to handle application protocols. In many cases, the daemon of an application protocol can run as a restricted user. This means that even if a hacker successfully exploits a vulnerability, root (administrator) privilege is not automatic.
Note that unlike ICMP, we cannot simply disable TCP or UDP. This is because these two protocols are very useful. As a result, if a computer has to be set up to run some server programs, care must be taken to examine the server programs themselves.