diff --git a/drivers/misc/nvsciipc/nvsciipc.c b/drivers/misc/nvsciipc/nvsciipc.c
index 862b03a2..9232dad2 100644
--- a/drivers/misc/nvsciipc/nvsciipc.c
+++ b/drivers/misc/nvsciipc/nvsciipc.c
@@ -613,8 +613,8 @@ static int nvsciipc_ioctl_set_db(struct nvsciipc *ctx, unsigned int cmd,
 		return -EFAULT;
 	}
 
-	if (user_db.num_eps <= 0) {
-		ERR("invalid value passed for num_eps\n");
+	if ((user_db.num_eps <= 0) || (user_db.num_eps > NVSCIIPC_MAX_EP_COUNT)) {
+		ERR("invalid value passed for num_eps: %d\n", user_db.num_eps);
 		return -EINVAL;
 	}
 
@@ -630,6 +630,13 @@ static int nvsciipc_ioctl_set_db(struct nvsciipc *ctx, unsigned int cmd,
 		goto ptr_error;
 	}
 
+	if (!access_ok(user_db.entry, ctx->num_eps *
+		sizeof(struct nvsciipc_config_entry *))) {
+		ERR("invalid user-space pointer: %p\n", user_db.entry);
+		ret = -EFAULT;
+		goto ptr_error;
+	}
+
 	ret = copy_from_user(entry_ptr, (void __user *)user_db.entry,
 			ctx->num_eps * sizeof(struct nvsciipc_config_entry *));
 	if (ret < 0) {
diff --git a/include/uapi/linux/nvsciipc_ioctl.h b/include/uapi/linux/nvsciipc_ioctl.h
index 942485d4..e46c0a3d 100644
--- a/include/uapi/linux/nvsciipc_ioctl.h
+++ b/include/uapi/linux/nvsciipc_ioctl.h
@@ -6,6 +6,14 @@
 
 #include <linux/ioctl.h>
 
+/*
+ * inter-thread: 2000
+ * inter-process: 16384
+ * inter-vm: 512
+ * inter-chip-pcie: 32
+ */
+#define NVSCIIPC_MAX_EP_COUNT 18928
+
 #define NVSCIIPC_MAX_EP_NAME	64U
 #define NVSCIIPC_MAX_RDMA_NAME	64U
 #define NVSCIIPC_MAX_IP_NAME	16U