diff --git a/pkg/server/container_create.go b/pkg/server/container_create.go
index 8a83efa49..26cff1103 100644
--- a/pkg/server/container_create.go
+++ b/pkg/server/container_create.go
@@ -341,6 +341,10 @@ func addOCIDevices(g *generate.Generator, devs []*runtime.Device, privileged boo
 UID: &hostDevice.Uid,
 GID: &hostDevice.Gid,
 }
+ if hostDevice.Major == 0 && hostDevice.Minor == 0 {
+ // Invalid device, most likely a symbolic link, skip it.
+ continue
+ }
 g.AddDevice(rd)
 }
 spec.Linux.Resources.Devices = []runtimespec.LinuxDeviceCgroup{
@@ -352,7 +356,11 @@ func addOCIDevices(g *generate.Generator, devs []*runtime.Device, privileged boo
 return nil
 }
 for _, device := range devs {
- dev, err := devices.DeviceFromPath(device.HostPath, device.Permissions)
+ path, err := resolveSymbolicLink(device.HostPath)
+ if err != nil {
+ return err
+ }
+ dev, err := devices.DeviceFromPath(path, device.Permissions)
 if err != nil {
 return err
 }
diff --git a/pkg/server/helpers.go b/pkg/server/helpers.go
index 4a08d58a7..2f112355f 100644
--- a/pkg/server/helpers.go
+++ b/pkg/server/helpers.go
@@ -20,6 +20,7 @@ import (
 "encoding/json"
 "fmt"
 "io"
+ "os"
 "path/filepath"
 "strconv"
 "strings"
@@ -402,3 +403,16 @@ func (c *criContainerdService) ensureImageExists(ctx context.Context, ref string
 }
 return &newImage, nil
 }
+
+// resolveSymbolicLink resolves a possbile symlink path. If the path is a symlink, returns resolved
+// path; if not, returns the original path.
+func resolveSymbolicLink(path string) (string, error) {
+ info, err := os.Lstat(path)
+ if err != nil {
+ return "", err
+ }
+ if info.Mode()&os.ModeSymlink != os.ModeSymlink {
+ return path, nil
+ }
+ return filepath.EvalSymlinks(path)
+}
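Review bot: In the privileged branch of addOCIDevices (container_create.go, hunk at -341), the `Major == 0 && Minor == 0` guard sits after the struct literal that ends just above it (presumably `rd`), so the device entry is built and then discarded. Moving the guard to the top of the loop body would make the skip read as a precondition. The comment states a guess ("most likely a symbolic link"); something like `// Major and minor 0 do not identify a usable device node (seen for symlinks under /dev); skip it.` would say what the check relies on. The loop and the function start outside the hunk.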
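Review bot: In the non-privileged loop of addOCIDevices (container_create.go, hunk at -352), the error from `resolveSymbolicLink` is returned bare, so a failed lstat or a dangling link surfaces without saying which requested device caused it. Wrapping it, e.g. `return fmt.Errorf("failed to resolve symlink %q: %v", device.HostPath, err)`, would make a bad host path easy to trace (this assumes `fmt` is already imported in this file, which the hunk does not show). Since `device.HostPath` appears to come from the caller's device list and the link is now followed to wherever it points, a short comment that the resolved path is only used for the device-node lookup would help a later reader. The loop body continues past the end of the hunk.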
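Review bot: The doc comment on the new `resolveSymbolicLink` in helpers.go has a typo and leaves out two details callers depend on. Suggested first line: `// resolveSymbolicLink resolves a possible symlink path. If the path is a symlink, returns resolved`. It would also help to add that only the final path component is checked with Lstat, and that a missing path or dangling link returns an error rather than the original path. The mode test reads more directly as `if info.Mode()&os.ModeSymlink == 0 {`.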