diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index 9f71e226d95f..8bf6b8457a34 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -1018,7 +1018,7 @@ static enum pkvm_page_state host_get_page_state(kvm_pte_t pte, u64 addr)
 	if (is_memory && hyp_phys_to_page(addr)->flags & MODULE_OWNED_PAGE)
 	       return PKVM_MODULE_DONT_TOUCH;
 
-	if (!addr_is_allowed_memory(addr))
+	if (is_memory && !addr_is_allowed_memory(addr))
 		return PKVM_NOPAGE;
 
 	if (!kvm_pte_valid(pte) && pte)
@@ -1235,7 +1235,7 @@ static int hyp_ack_share(u64 addr, const struct pkvm_mem_transition *tx,
 	phys_addr_t phys = hyp_virt_to_phys((void *)addr);
 	enum kvm_pgtable_prot prot = default_hyp_prot(phys);
 
-	if (perms != prot)
+	if (!addr_is_memory(phys) || perms != prot)
 		return -EPERM;
 
 	if (__hyp_ack_skip_pgtable_check(tx))
@@ -1330,7 +1330,7 @@ static int guest_ack_share(u64 addr, const struct pkvm_mem_transition *tx,
 {
 	u64 size = tx->nr_pages * PAGE_SIZE;
 
-	if (perms != KVM_PGTABLE_PROT_RWX)
+	if (!addr_is_memory(tx->completer.guest.phys) || perms != KVM_PGTABLE_PROT_RWX)
 		return -EPERM;
 
 	return __guest_check_page_state_range(tx->completer.guest.hyp_vcpu,
@@ -1341,6 +1341,9 @@ static int guest_ack_donation(u64 addr, const struct pkvm_mem_transition *tx)
 {
 	u64 size = tx->nr_pages * PAGE_SIZE;
 
+	if (!addr_is_memory(tx->completer.guest.phys))
+		return -EPERM;
+
 	return __guest_check_page_state_range(tx->completer.guest.hyp_vcpu,
 					      addr, size, PKVM_NOPAGE);
 }