AVG-452 log

Package wpa_supplicant
Status Not affected
Severity High
Type man-in-the-middle
Affected 1:2.6-10
Fixed Not affected
Current 2:2.11-2 [core]
Ticket None
Created Mon Oct 16 17:58:09 2017
Issue Severity Remote Type Description
CVE-2017-13084 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the short term key (STK) in the PeerKey handshake.
References
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://papers.mathyvanhoef.com/ccs2017.pdf
https://www.kb.cert.org/vuls/id/228519
https://www.krackattacks.com/
Notes
PeerKey implementation in wpa_supplicant is not fully functional and the actual installation of the key into the driver does not work. As such, this item is not applicable in practice. 
Furthermore, the PeerKey handshake for IEEE 802.11e DLS is obsolete and not known to have been deployed.