Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
A vulnerability was found in how a number of implementations
can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK,
or IGTK) by replaying a specific frame that is used to
manage the keys.
Such reinstallation of the encryption key can result in
two different types of vulnerabilities: disabling replay
protection and significantly reducing the security of
encryption to the point of allowing frames to be decrypted
or some parts of the keys to be determined by an attacker
depending on which cipher is used.