The problem of wpa2 (KRACKs)

I’m using balenaOS 2.32.0+rev1 and device type is Raspberry Pi 3.
A security research company pointed out to me that the version of wpa_supplicant on the device is one that is affected by KRACKs.

The version of wpa_supplicant in my balenaOS is v2.6, which is possibly open to attack.
I found a pull request which is probably related to this issue, but it doesn’t seem to have been merged.
Are there any plans to update wpa_supplicant or any other plans?

If the PR you pointed at is meant to fix/mitigate this vulnerability, those patches have been applied upstream and merged into balenaOS a long time ago, I believe since v2.4.0.
Are there other patches you are aware of that we do not apply?
To follow up on this: we recently merged this PR, which updates wpa_supplicant to v2.9. So this will appear in one of the next balenaOS versions.
