Hi,
17.01.4 just released [2] with fixed wpa and possibility to activate an AP side workaround. It is just a mitigation really, but should in practice impair an exploit. It is OFF by default.
Quote:
"an optional AP-side
workaround was introduced in hostapd to complicate these attacks,
slowing them down. Please note that this does not fully protect you from
them, especially when running older versions of wpa_supplicant
vulnerable to CVE-2017-13086, which the workaround does not address. As
this workaround can cause interoperability issues and reduced robustness
of key negotiation, this workaround is disabled by default."
Option in hostapd.sh [1] is:
wpa_disable_eapol_key_retries
[1] https://git.lede-project.org/?p=source.git;a=commitdiff;h=d501786ff25684208d22b7c93ce60c194327c771
[2] https://downloads.lede-project.org/releases/17.01.4/targets/