1

Are there any known models of wifi dongles that are immune to four-way nonce replay? The point being to be able to forget patching Windows and Linux, but to protect in the networking hardware.

Is there a known model that will refuse to repeatedly replay a nonce under direct command from a Windows wifi process or wpa_supplicant?

Anders
Andyz Smith
  • It's a protocol issue, which means unless it's been patched, or was poorly implemented to begin with, then they will all suffer the same weakness. Best to keep an eye out for patches for USB dongles and go with them – ISMSDEV Oct 20 '17 at 15:56
  • This is a good question. I suspect you have to stay away from "driverless" dongles, since those are likely to depend on the OS implementations of the WPA2 protocol, which is what you intend to avoid. Now, that's not saying there aren't hybrid wireless dongles that have flash with the driver included on the stick that is mostly read-only, but updatable if you have the hardware write protect turned off. I don't know if such a thing exists, but it would be perfect for sysadmin work on random computers where you wanted to be absolutely certain that your connection was secure. – BenPen Oct 20 '17 at 17:31

1 Answer

3

Most of the CVEs associated with KRACK will only be remediated by patching the wireless client components of the OS and it is part of the OS by design. Think of it this way, why would hardware manufacturers want to recreate a process that is common to all hardware in their drivers rather than leave it to the OS?

As far as I read to date, the most mitigation that any driver update provides is for 2 of the CVEs (for example, as reported on this Revolution Wi-Fi blog post). That leaves the remaining 8 (of which only 7 are addressable by client patching).

So it is unlikely that there will ever be a "dongle" or stick that is immune to KRACK.

Let me go on to say that there was a time when hardware vendors often did provide their own wireless client/supplicant as part of the software installation, but this was because support for wireless was not yet "baked into the OS." However, this meant that you needed to have software installed on the computer, which in my mind would be more troublesome than patching the OS itself.

The last holdout to provide their own wireless client utility that I am aware of was Intel, and they officially dropped support for it with Windows 10:

Intel® PROSet/Wireless WiFi Connection Utility is not supported on Windows® 10 and is no longer installed by default on other Windows OS.

YLearn
  • Yeah that covers it. I think I'm gonna do sun tea. Good info. If you can maybe give a few references or substantive backup for this logic I'll mark as accepted. Thanks goodnight – Andyz Smith Oct 20 '17 at 20:13
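
Added example, not part of the original answer or any project's code: a simplified Python model of why the KRACK fix belongs in the supplicant rather than the adapter. The class, method names and key value are assumptions made for illustration; the adapter is modelled as simply obeying the install-key command, which resets the packet number used as the nonce.

```python
# Simplified model (constructed for illustration): client-side handling of
# message 3 of the WPA2 four-way handshake. Not wpa_supplicant or Windows code.

class Supplicant:
    def __init__(self, patched):
        self.patched = patched
        self.installed_ptk = None   # key currently programmed into the adapter
        self.tx_pn = 0              # per-key packet number, used as the nonce
        self.used = set()           # (key, packet number) pairs already sent

    def install_key(self, ptk):
        # The adapter does what it is told: a key install resets the counter.
        self.installed_ptk = ptk
        self.tx_pn = 0

    def on_msg3(self, ptk):
        """Handle message 3; the AP retransmits it if message 4 is lost."""
        if self.patched and ptk == self.installed_ptk:
            return "msg4"           # acknowledge, but keep key and counter
        self.install_key(ptk)
        return "msg4"

    def send_frame(self):
        """Send one data frame; return True if its nonce was already used."""
        self.tx_pn += 1
        pair = (self.installed_ptk, self.tx_pn)
        reused = pair in self.used
        self.used.add(pair)
        return reused


def nonce_reuse_after_retransmit(patched):
    """Run a handshake, send frames, receive a retransmitted message 3."""
    s = Supplicant(patched)
    ptk = b"constructed-ptk"        # placeholder key material
    s.on_msg3(ptk)
    first = [s.send_frame() for _ in range(3)]
    s.on_msg3(ptk)                  # retransmitted message 3
    second = [s.send_frame() for _ in range(3)]
    return any(first + second)


if __name__ == "__main__":
    print("unpatched reuses a nonce:", nonce_reuse_after_retransmit(False))
    print("patched reuses a nonce:  ", nonce_reuse_after_retransmit(True))
```

In this model the decision to reinstall the key is made entirely in `on_msg3`, which is the supplicant's code path, so the guard has to be added there.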