diff --git a/sys/amd64/vmm/vmm_dev.c b/sys/amd64/vmm/vmm_dev.c
--- a/sys/amd64/vmm/vmm_dev.c
+++ b/sys/amd64/vmm/vmm_dev.c
@@ -1015,6 +1015,11 @@
 		error = EINVAL;
 		goto out;
 	}
+	if (cr_cansee(curthread->td_ucred, sc->cdev->si_cred)) {
+		mtx_unlock(&vmmdev_mtx);
+		error = EINVAL;
+		goto out;
+	}
 
 	/*
 	 * The 'cdev' will be destroyed asynchronously when 'si_threadcount'
@@ -1117,8 +1122,8 @@
 		goto out;
 	}
 
-	error = make_dev_p(MAKEDEV_CHECKNAME, &cdev, &vmmdevsw, NULL,
-			   UID_ROOT, GID_WHEEL, 0600, "vmm/%s", buf);
+	error = make_dev_p(MAKEDEV_CHECKNAME, &cdev, &vmmdevsw,
+	    curthread->td_ucred, UID_ROOT, GID_WHEEL, 0600, "vmm/%s", buf);
 	if (error != 0) {
 		vmmdev_destroy(sc);
 		goto out;