diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 18f4103e02b798937f5594c845f6c200f18b363e..f2dde268165ab92ec7d9373db532616f5744069c 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -117,7 +117,7 @@ static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 	i = 0;
 	perm = 1;
 	while (i < (sizeof(av) * 8)) {
-		if (perm & av) {
+		if ((perm & av) && perms[i]) {
 			audit_log_format(ab, " %s", perms[i]);
 			av &= ~perm;
 		}
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 77f6e54bb43fcf7a505c643905935c0606e8d738..d6bb20cbad623703116160ad791c4831b504d067 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -239,6 +239,13 @@ static void map_decision(u16 tclass, struct av_decision *avd,
 			if (!allow_unknown && !current_mapping[tclass].perms[i])
 				result |= 1<<i;
 		}
+		/*
+		 * In case the kernel has a bug and requests a permission
+		 * between num_perms and the maximum permission number, we
+		 * should audit that denial
+		 */
+		for (; i < (sizeof(u32)*8); i++)
+			result |= 1<<i;
 		avd->auditdeny = result;
 	}
 }