diff --git a/Kernel/API/POSIX/sys/limits.h b/Kernel/API/POSIX/sys/limits.h
new file mode 100644
index 0000000000..df12d14894
--- /dev/null
+++ b/Kernel/API/POSIX/sys/limits.h
@@ -0,0 +1,9 @@
+/*
+ * Copyright (c) 2022, Andreas Kling <kling@serenityos.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#define NGROUPS_MAX 32
diff --git a/Kernel/Syscalls/setuid.cpp b/Kernel/Syscalls/setuid.cpp
index 0f22eabb42..53200d5d19 100644
--- a/Kernel/Syscalls/setuid.cpp
+++ b/Kernel/Syscalls/setuid.cpp
@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: BSD-2-Clause
  */
 
+#include <Kernel/API/POSIX/sys/limits.h>
 #include <Kernel/Process.h>
 
 namespace Kernel {
@@ -246,6 +247,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*>
     VERIFY_NO_PROCESS_BIG_LOCK(this);
     TRY(require_promise(Pledge::id));
 
+    if (count > NGROUPS_MAX)
+        return EINVAL;
+
     auto credentials = this->credentials();
 
     if (!credentials->is_superuser())
diff --git a/Userland/Libraries/LibC/limits.h b/Userland/Libraries/LibC/limits.h
index 4e767b0eca..63e1728415 100644
--- a/Userland/Libraries/LibC/limits.h
+++ b/Userland/Libraries/LibC/limits.h
@@ -1,11 +1,12 @@
 /*
- * Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
+ * Copyright (c) 2018-2022, Andreas Kling <kling@serenityos.org>
  *
  * SPDX-License-Identifier: BSD-2-Clause
  */
 
 #pragma once
 
+#include <Kernel/API/POSIX/sys/limits.h>
 #include <bits/stdint.h>
 #include <bits/wchar.h>