Description:
Researchers has discovered two types of design flaws in WPA3-first leads to downgrade attacks and second to side-channel leaks, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred to as Dragonblood.

CVE Numbers:
CVE-2019-9494/CVE-2019-9495/CVE-2019-9496/CVE-2019-9497/CVE-2019-9498/CVE-2019-9499

Impact:
A downgrade attack against WPA3-Transtition mode can lead to dictionary attacks. A security group downgrade attack, a timing-based side-channel attack, a cache-based side-channel attack, and a resource consumption attack against the WPA3's Dragonfly handshake can be used to recover passwords or cause a DoS.

Solution:
Upgrade wpa_supplicant and hostapd to version 2.8

Available Mitigations:
Mitigations are available for
CVE-2019-9494 https://w1.fi/security/2019-1/
CVE-2019-9495 https://w1.fi/security/2019-2/
CVE-2019-9496 https://w1.fi/security/2019-3/
CVE-2019-9497 https://w1.fi/security/2019-4/
CVE-2019-9498 https://w1.fi/security/2019-4/
CVE-2019-9499 https://w1.fi/security/2019-4/

Reference:
https://www.kb.cert.org/vuls/id/871675/
https://wpa3.mathyvanhoef.com/
https://papers.mathyvanhoef.com/dragonblood.pdf