Tails 93 Published by

Tails 7.9.1 has officially launched, updating the Tor client to 0.4.9.11 and the Tor Browser to 15.0.17 for improved privacy and stability. The most critical change is the new Linux kernel 6.12.94, which patches two severe privilege escalation flaws known as DirtyClone and PACKET_EDIT_MEME. Tails warns that while exploitation is difficult, a targeted government or well-funded hacking group could theoretically chain these vulnerabilities to deanonymize users.



Tails 7.9.1 Drops, Patching Kernel Flaws That Could Deanonymize Users

The privacy-focused live OS receives a Tor client bump and two critical CVE fixes.

Tails has rolled out version 7.9.1, delivering a Tor Browser bump to 15.0.17, a Tor client update to 0.4.9.11, and a refreshed Linux kernel that closes two privilege escalation flaws. If you are running Tails for sensitive work, the kernel patch is the one to pay attention to.

The kernel update lands at 6.12.94 and patches CVE-2026-43503 and CVE-2026-46331 also known as DirtyClone and PACKET_EDIT_MEME respectively. Both stem from the networking subsystem failing to properly track shared memory buffers and copy-on-write ranges when routing packets. In practice, they let an unprivileged process break out of its sandbox and grab root access.

Screenshot_from_2026_02_26_13_45_11

The Patch and the Threat Model

Tails is explicit about the risk. The project warns that a targeted attacker, likely a government agency or a well-funded hacking firm, could chain these bugs together to expose your real IP and strip away anonymity. The attacks are not trivial to pull off, but the threat model the software serves does not exactly deal in trivial threats.

Tails first shipped back in 2009, long before encrypted messaging was a mainstream feature. When the project merged with The Tor Project in September 2024, the combined nonprofit brought two of the most recognized anonymity tools under one roof. Three years later, the codebase is still being stress-tested against the exact kind of kernel-level chain attacks described in this week’s advisory.

Not bad for an operating system that refuses to touch your hard drive. Tails runs entirely from RAM, routes every connection through Tor relays, and wipes its own memory on shutdown. It is arguably the most paranoid consumer-grade operating system available, even if the economics of running a stable Tor relay network keep the project quietly dependent on volunteer goodwill.

This is not Tails’ first brush with kernel-level exposure, and it will not be the last. The project has never claimed to be unhackable. Hardware implants, malicious USB ports, and metadata leaks in documents you thought were clean still represent real risks. Tails is safe, as the team likes to put it, but not magic.

You can grab the ISO directly from tails.net. The download sits around 1.9 GB, and you will need at least an 8 GB USB drive to flash it. Verify the GPG signature before booting. If you are running an older Tails release, the new kernel and Tor client updates are worth installing immediately.