diff --git a/pkg/container/device.go b/pkg/container/device.go
index 5b01a4b149d..5959b255d2e 100644
--- a/pkg/container/device.go
+++ b/pkg/container/device.go
@@ -110,7 +110,7 @@ func (c *container) specAddContainerConfigDevices(enableDeviceOwnershipFromSecur
 Major: dev.Major,
 Minor: dev.Minor,
 UID: getDeviceUserGroupID(c.Config().Linux.SecurityContext.RunAsUser, dev.Uid, enableDeviceOwnershipFromSecurityContext),
- GID: getDeviceUserGroupID(c.Config().Linux.SecurityContext.RunAsGroup, dev.Uid, enableDeviceOwnershipFromSecurityContext),
+ GID: getDeviceUserGroupID(c.Config().Linux.SecurityContext.RunAsGroup, dev.Gid, enableDeviceOwnershipFromSecurityContext),
 }
 c.Spec().AddDevice(rd)
 sp.Linux.Resources.Devices = append(sp.Linux.Resources.Devices, rspec.LinuxDeviceCgroup{
diff --git a/pkg/container/device_test.go b/pkg/container/device_test.go
index 2a6b0c10caf..a0a5585b391 100644
--- a/pkg/container/device_test.go
+++ b/pkg/container/device_test.go
@@ -94,7 +94,16 @@ var _ = t.Describe("Container", func() {
 hostDevices, err := devices.HostDevices()
 Expect(err).To(BeNil())
+ // Find a host device with uid != gid using first device as fallback.
 testDevice := hostDevices[0]
+ if testDevice.Uid == testDevice.Gid {
+ for _, d := range hostDevices {
+ if d.Uid != d.Gid {
+ testDevice = d
+ break
+ }
+ }
+ }
 tests := []testdata{
 {
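Review bot: In pkg/container/device.go the `UID:` and `GID:` fields are built by two calls that differ only in `RunAsUser`/`RunAsGroup` and `dev.Uid`/`dev.Gid`, and nothing at the call site guards that pairing. A mismatched argument compiles cleanly and can give the device node a group id taken from the host owner id. A short comment above the pair would make the intent reviewable, for example `// owner: RunAsUser + dev.Uid; group: RunAsGroup + dev.Gid (keep the pairs aligned)`. Separately, `c.Config().Linux.SecurityContext` is dereferenced on both lines with no nil check inside the hunk. The function starts and ends outside the hunk, so a guard may already exist earlier; if it does not, and Config() returns the CRI protobuf type, the generated getters (`c.Config().GetLinux().GetSecurityContext().GetRunAsGroup()`) would avoid a panic on a sparse config.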
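Review bot: In pkg/container/device_test.go, when no host device has differing uid and gid, the loop leaves `testDevice` at `hostDevices[0]`, and the table cases that follow would presumably still pass. On such a host (for instance a minimal CI container where every node is root:root) the test cannot tell a UID/GID mix-up from correct code. Making that case explicit after the loop keeps the regression coverage honest: `if testDevice.Uid == testDevice.Gid { Skip("no host device with uid != gid") }`. `hostDevices[0]` also panics on an empty list, so `Expect(hostDevices).NotTo(BeEmpty())` before the index would turn that into a readable failure. The enclosing `Describe` closure starts and ends outside the hunk, so the assertions that consume `testDevice` are not visible here.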