diff --git a/hypervisor/arch/x86/cpu_caps.c b/hypervisor/arch/x86/cpu_caps.c
index 7a494520f..f5cef3adf 100644
--- a/hypervisor/arch/x86/cpu_caps.c
+++ b/hypervisor/arch/x86/cpu_caps.c
@@ -26,7 +26,7 @@
 #define VAPIC_FEATURE_POST_INTR (1U << 4U)
 #define VAPIC_FEATURE_VX2APIC_MODE (1U << 5U)
-struct cpu_capability {
+static struct cpu_capability {
 uint8_t apicv_features;
 uint8_t ept_features;
@@ -314,8 +314,8 @@ static inline bool is_vmx_disabled(void)
 msr_val = msr_read(MSR_IA32_FEATURE_CONTROL);
 /* Check if feature control is locked and vmx cannot be enabled */
- if ((msr_val & MSR_IA32_FEATURE_CONTROL_LOCK) != 0U &&
- (msr_val & MSR_IA32_FEATURE_CONTROL_VMX_NO_SMX) == 0U) {
+ if (((msr_val & MSR_IA32_FEATURE_CONTROL_LOCK) != 0U) &&
+ ((msr_val & MSR_IA32_FEATURE_CONTROL_VMX_NO_SMX) == 0U)) {
 return true;
 }
 return false;
diff --git a/hypervisor/arch/x86/security.c b/hypervisor/arch/x86/security.c
index 048920596..f0184358e 100644
--- a/hypervisor/arch/x86/security.c
+++ b/hypervisor/arch/x86/security.c
@@ -15,7 +15,6 @@
 #include
 static bool skip_l1dfl_vmentry;
-static uint64_t x86_arch_capabilities;
 int32_t ibrs_type;
 static void detect_ibrs(void)
@@ -47,6 +46,8 @@ static void detect_ibrs(void)
 bool check_cpu_security_cap(void)
 {
+ uint64_t x86_arch_capabilities;
+
 detect_ibrs();
 if (cpu_has_cap(X86_FEATURE_ARCH_CAP)) {
@@ -61,8 +62,8 @@ bool check_cpu_security_cap(void)
 return false;
 }
- if (!cpu_has_cap(X86_FEATURE_IBRS_IBPB) &&
- !cpu_has_cap(X86_FEATURE_STIBP)) {
+ if ((!cpu_has_cap(X86_FEATURE_IBRS_IBPB)) &&
+ (!cpu_has_cap(X86_FEATURE_STIBP))) {
 return false;
 }
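Review bot: In hypervisor/arch/x86/cpu_caps.c, the `static` added to `static struct cpu_capability {` applies to the object declared at the struct's closing brace, not to the type, and that declarator is outside this hunk. A reader of the opening line cannot tell what has internal linkage, so a short comment above the definition would help, for example `/* File-local capability cache; the object is declared at the closing brace and is only accessed from cpu_caps.c. */`. It is also worth confirming that no other translation unit still refers to that object through an `extern` declaration, which would now fail to link.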
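Review bot: In hypervisor/arch/x86/security.c, the new local `uint64_t x86_arch_capabilities;` in check_cpu_security_cap() has no initializer, whereas the file-scope static it replaces was implicitly zero. The assignment is outside the hunk, presumably inside the `if (cpu_has_cap(X86_FEATURE_ARCH_CAP))` branch. If any read is reachable without passing through that assignment, the value is indeterminate, and it may feed a mitigation decision such as `skip_l1dfl_vmentry`. I would either write `uint64_t x86_arch_capabilities = 0UL;` or move the declaration into the branch that reads the MSR, so that scope and lifetime match the only valid use. The rest of the function body is not visible here.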