Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOSTSCSISETENDPOINT ioctl call. NOTE: the affected function was renamed to vhostscsimake_tpg before the vulnerability was announced.