diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index b7b986520dc7..a1dd38525957 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2007,6 +2007,9 @@ static int xfrm_get_default(struct sk_buff *skb, struct nlmsghdr *nlh,
 
 	r_up = nlmsg_data(r_nlh);
 
+	if (up->dirmask >= XFRM_USERPOLICY_DIRMASK_MAX)
+		return -EINVAL;
+
 	r_up->action = ((net->xfrm.policy_default & (1 << up->dirmask)) >> up->dirmask);
 	r_up->dirmask = up->dirmask;
 	nlmsg_end(r_skb, r_nlh);