diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
index 3245d2d6e879..74789a68ef96 100644
--- a/arch/arm64/kvm/handle_exit.c
+++ b/arch/arm64/kvm/handle_exit.c
@@ -210,7 +210,7 @@ static int handle_trap_exceptions(struct kvm_vcpu *vcpu)
 	if (is_protected_kvm_enabled() && !kvm_vm_is_protected(vcpu->kvm)) {
 		preempt_disable();
 		if (!(vcpu->arch.flags & KVM_ARM64_PKVM_STATE_DIRTY)) {
-			kvm_call_hyp_nvhe(__pkvm_vcpu_sync_state);
+			kvm_call_hyp_nvhe(__pkvm_vcpu_sync_state, vcpu);
 			vcpu->arch.flags |= KVM_ARM64_PKVM_STATE_DIRTY;
 		}
 		preempt_enable();
diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
index b3b8e2d78b91..69e509544804 100644
--- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
+++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
@@ -690,10 +690,15 @@ static void handle___pkvm_vcpu_put(struct kvm_cpu_context *host_ctxt)
 
 static void handle___pkvm_vcpu_sync_state(struct kvm_cpu_context *host_ctxt)
 {
+	DECLARE_REG(struct kvm_vcpu *, vcpu, host_ctxt, 1);
+
 	if (unlikely(is_protected_kvm_enabled())) {
 		struct pkvm_loaded_state *state = this_cpu_ptr(&loaded_state);
 
-		if (!state->vcpu || state->is_protected)
+		vcpu = kern_hyp_va(vcpu);
+
+		if (!state->vcpu || state->is_protected ||
+		    state->vcpu->arch.pkvm.host_vcpu != vcpu)
 			return;
 
 		__sync_vcpu_state(state->vcpu);