diff --git a/reactos/ntoskrnl/ex/sysinfo.c b/reactos/ntoskrnl/ex/sysinfo.c
index cd88b2256bb..cfa46a3f7fc 100644
--- a/reactos/ntoskrnl/ex/sysinfo.c
+++ b/reactos/ntoskrnl/ex/sysinfo.c
@@ -2068,10 +2068,31 @@ SSI_DEF(SystemSessionCreate)
         {
             return STATUS_PRIVILEGE_NOT_HELD;
         }
+
+        _SEH2_TRY
+        {
+            ProbeForWriteUlong(Buffer);
+        }
+        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+        {
+            _SEH2_YIELD(return _SEH2_GetExceptionCode());
+        }
+        _SEH2_END;
     }
 
     Status = MmSessionCreate(&SessionId);
-    if (NT_SUCCESS(Status)) *(PULONG)Buffer = SessionId;
+    if (NT_SUCCESS(Status))
+    {
+        _SEH2_TRY
+        {
+            *(PULONG)Buffer = SessionId;
+        }
+        _SEH2_EXCEPT(ExSystemExceptionFilter())
+        {
+            Status = _SEH2_GetExceptionCode();
+        }
+        _SEH2_END;
+    }
 
     return Status;
 }
@@ -2091,9 +2112,21 @@ SSI_DEF(SystemSessionDetach)
         {
             return STATUS_PRIVILEGE_NOT_HELD;
         }
-    }
 
-    SessionId = *(PULONG)Buffer;
+        _SEH2_TRY
+        {
+            SessionId = ProbeForReadUlong(Buffer);
+        }
+        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+        {
+            _SEH2_YIELD(return _SEH2_GetExceptionCode());
+        }
+        _SEH2_END;
+    }
+    else
+    {
+        SessionId = *(PULONG)Buffer;
+    }
 
     return MmSessionDelete(SessionId);
 }