Section 3.6 of https://papers.mathyvanhoef.com/usenix2021.pdf briefly discusses the wrong behavior of Linux 4.9+ that this patch tries to fix: "Linux 4.9 and above .. strip away the first 8 bytes of an A-MSDU frame if these bytes look like a valid LLC/SNAP header, and then further process the frame. This behavior is not compliant with the 802.11 standard."
How about linux 4.9 below, are they compliant with 802.11 standard or not?
They are compliant.
Would they need additional patches to mitigate the aggregation attack?
They need the backport of "[PATCH 04/18] cfg80211: mitigate A-MSDU aggregation attacks" to mitigate attacks. This patch has been backported to 4.4: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v...
So if you take all the patches that have been backported to 4.4 you should be OK.
Cheers, Mathy