diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index a62862e94f9..a21b6a73a95 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -304,6 +304,9 @@ static int do_tpm2_pcrallocate(struct cmd_tbl *cmdtp, int flag, int argc,
 		if (ret)
 			return ret;
 
+		if (pcr.count > TPM2_NUM_PCR_BANKS)
+			return -EINVAL;
+
 		for (i = 0; i < pcr.count; i++) {
 			struct tpms_pcr_selection *sel = &pcr.selection[i];
 			const char *name;
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 9ca7933c094..e4aa2415825 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -74,6 +74,9 @@ int tpm2_scan_masks(struct udevice *dev, u32 log_active, u32 *mask)
 	if (rc)
 		return rc;
 
+	if (pcrs.count > TPM2_NUM_PCR_BANKS)
+		return TPM_LIB_ERROR;
+
 	for (i = 0; i < pcrs.count; i++) {
 		struct tpms_pcr_selection *sel = &pcrs.selection[i];
 		size_t j;