Blockstream has claimed the Jade is not vulnerable, but would 1) want to see an independent 3rd party verify that claim and 2) if someone is using a Jade probably best to switch to the firmware that disables Bluetooth for now.
Discussion
Update: seems Blockstream is most likely correct they are not vulnerable because they don’t rely on the ESP32 to do the crypto