diff --git a/hypervisor/arch/x86/ept.c b/hypervisor/arch/x86/ept.c
index ba637ca72..15686e12a 100644
--- a/hypervisor/arch/x86/ept.c
+++ b/hypervisor/arch/x86/ept.c
@@ -103,8 +103,10 @@ void destroy_ept(struct vm *vm)
 * - trusty is enabled. But not initialized yet.
 * Check vm->arch_vm.sworld_eptp.
 */
- if (vm->sworld_control.sworld_enabled && vm->arch_vm.sworld_eptp)
+ if (vm->sworld_control.sworld_enabled && vm->arch_vm.sworld_eptp) {
 free_ept_mem(HPA2HVA(vm->arch_vm.sworld_eptp));
+ vm->arch_vm.sworld_eptp = 0;
+ }
 }
 uint64_t _gpa2hpa(struct vm *vm, uint64_t gpa, uint32_t *size)
diff --git a/hypervisor/arch/x86/mmu.c b/hypervisor/arch/x86/mmu.c
index ef7fe6fd5..ac8add2c0 100644
--- a/hypervisor/arch/x86/mmu.c
+++ b/hypervisor/arch/x86/mmu.c
@@ -180,11 +180,11 @@ void invept(struct vcpu *vcpu)
 if (cpu_has_vmx_ept_cap(VMX_EPT_INVEPT_SINGLE_CONTEXT)) {
 desc.eptp = vcpu->vm->arch_vm.nworld_eptp | (3 << 3) | 6;
 _invept(INVEPT_TYPE_SINGLE_CONTEXT, desc);
- if (vcpu->vm->sworld_control.sworld_enabled) {
+ if (vcpu->vm->sworld_control.sworld_enabled &&
+ vcpu->vm->arch_vm.sworld_eptp) {
 desc.eptp = vcpu->vm->arch_vm.sworld_eptp | (3 << 3) | 6;
 _invept(INVEPT_TYPE_SINGLE_CONTEXT, desc);
-
 }
 } else if (cpu_has_vmx_ept_cap(VMX_EPT_INVEPT_GLOBAL_CONTEXT))
 _invept(INVEPT_TYPE_ALL_CONTEXTS, desc);
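Review bot: In destroy_ept the secure-world EPT root is freed first and `vm->arch_vm.sworld_eptp` is cleared only afterwards, so for a short window the field still names page-table memory that has already been released. No locking is visible in the hunk; if invept() in mmu.c can run on another pCPU during teardown, its new non-zero check would pass and it would build an INVEPT descriptor from the freed root. Taking the value into a local and clearing the field before the free closes that window: `uint64_t eptp = vm->arch_vm.sworld_eptp;`, `vm->arch_vm.sworld_eptp = 0UL;`, `free_ept_mem(HPA2HVA(eptp));`. The start of destroy_ept is outside the hunk, so whether nworld_eptp gets the same reset after its free cannot be checked from here.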
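Review bot: The new condition in invept tests `vcpu->vm->arch_vm.sworld_eptp` and the following line reads the field a second time to build the descriptor, so the value checked and the value used can differ if the field is cleared in between; whether that can happen depends on synchronization not shown here. Reading it once avoids the question: `uint64_t s_eptp = vcpu->vm->arch_vm.sworld_eptp;`, then `if (vcpu->vm->sworld_control.sworld_enabled && (s_eptp != 0UL)) {` and `desc.eptp = s_eptp | (3 << 3) | 6;`. The guard also deserves a short comment saying why it exists, for example `/* sworld_eptp is 0 while trusty is enabled but not initialized, and again after destroy_ept() */`, since nothing at this site explains that an enabled secure world can have no EPT root. The body of invept begins before the hunk.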