diff --git a/Kernel/Devices/KCOVInstance.cpp b/Kernel/Devices/KCOVInstance.cpp
index ebcfae52410..098504826f6 100644
--- a/Kernel/Devices/KCOVInstance.cpp
+++ b/Kernel/Devices/KCOVInstance.cpp
@@ -17,6 +17,9 @@ KCOVInstance::KCOVInstance(ProcessID pid)
 
 KResult KCOVInstance::buffer_allocate(size_t buffer_size_in_entries)
 {
+    if (buffer_size_in_entries < 2 || buffer_size_in_entries > KCOV_MAX_ENTRIES)
+        return EINVAL;
+
     // first entry contains index of last PC
     this->m_buffer_size_in_entries = buffer_size_in_entries - 1;
     this->m_buffer_size_in_bytes = page_round_up(buffer_size_in_entries * KCOV_ENTRY_SIZE);
diff --git a/Kernel/Devices/KCOVInstance.h b/Kernel/Devices/KCOVInstance.h
index e40bc6c0e93..2694ad1d877 100644
--- a/Kernel/Devices/KCOVInstance.h
+++ b/Kernel/Devices/KCOVInstance.h
@@ -14,6 +14,7 @@ namespace Kernel {
 // Note: These need to be kept in sync with Userland/Libraries/LibC/sys/kcov.h
 typedef volatile u64 kcov_pc_t;
 #define KCOV_ENTRY_SIZE sizeof(kcov_pc_t)
+#define KCOV_MAX_ENTRIES (10 * 1024 * 1024)
 
 /*
  * One KCOVInstance is allocated per process, when the process opens /dev/kcov