Vulnerability Discussion
The only legitimate location for device files is the "/dev" directory located on the root partition. The only exception to this is chroot jails.
Check
Verify that the "/boot" mount point has the "nodev" option is with the following command:
Note: This control is not applicable to RHEL 9 system booted UEFI.
$ sudo mount | grep '\s/boot\s'
/dev/sda1 on /boot type xfs (rw,nodev,relatime,seclabel,attr2)
If the "/boot" file system does not have the "nodev" option set, this is a finding.
Fix
Modify "/etc/fstab" to use the "nodev" option on the "/boot" directory.