Disclaimer: This writeup is based on a Capture The Flag (CTF) challenge hosted on TryHackMe and it is intended for educational purposes only.
The CVE-2026-31341 room on TryHackMe focuses on analyzing and understanding a real-world vulnerability identified as CVE-2026-31341. It guides learners through the process of investigating the flaw, understanding its impact, and exploring how attackers could exploit it in practical scenarios. Through hands-on exercises, users develop skills in vulnerability analysis, exploitation concepts, and detection techniques, helping them better understand how modern CVEs are researched and mitigated in cybersecurity operations.
Task 1 Introduction
I have successfully started my machine.
No answer needed
Task 2 The Vulnerability
What year was the optimization introduced that created this vulnerability?
2017
Which AEAD algorithm template performs the scratch write that corrupts the page cache?
authencesn
What system call transfers page cache pages into the AF_ALG socket without copying them?
splice
The HMAC verification fails after the scratch write is performed. Does this undo the page cache corruption? (Answer Format: Yay or Nay)
Nay
Task 3 Exploitation
What is the content of /root/flag.txt?
THM{copy_fail_kernel_lpe}
Task 4 Detection and Remediation
What command checks whether algif_aead is a loadable module or compiled into the kernel?
modinfo algif_aead
Task 5 Conclusion
I can now exploit CVE-2026-31341!
No answer needed