diff --git a/programs/bpf_loader/src/lib.rs b/programs/bpf_loader/src/lib.rs
index 52452a7321..93ae42a35e 100644
--- a/programs/bpf_loader/src/lib.rs
+++ b/programs/bpf_loader/src/lib.rs
@@ -696,6 +696,10 @@ fn process_loader_upgradeable_instruction(
                         ic_logger_msg!(logger, "Program account is not writable");
                         return Err(InstructionError::InvalidArgument);
                     }
+                    if &program_account.owner()? != program_id {
+                        ic_logger_msg!(logger, "Program account not owned by loader");
+                        return Err(InstructionError::IncorrectProgramId);
+                    }
 
                     match program_account.state()? {
                         UpgradeableLoaderState::Program {