SegmentSmack/CVE-2018-5390 -- OpenWrt effect?

There's a ZDNet article and CVE entry on that. I hope the networking/kernel gurus can help understand the effect it may have on OpenWrt.

It says it requires two-way TCP traffic -- does it have to be between the router and attacker or can it be between any local device and attacker?

Can it be exploited if the OpenWrt router is running an OpenVPN server or a Wireguard? Anything in official packages can be exploited if ran on OpenWrt and the attacker probed it?

It's supposedly fixed in the kernel versions which neither release includes afaik.