Microsoft announced updates today for all supported versions of SQL Server to address a privilege escalation vulnerability that leverages Extended Events. For security reasons no further details have been provided, but you can expect more information in the near future, now that this update is public.
From the knowledge base article:
Data can be sent over a network to an affected Microsoft SQL Server instance that may cause code to run against the SQL Server process if a certain extended event is enabled. See CVE-2021-1636 for detailed information.
Please update your SQL Server instances as soon as possible. Note that today is Patch Tuesday, so you can also expect other updates for Microsoft Windows as part of the regular monthly update.
EDITED TO ADD: Yes, this affects the Linux and Docker versions as well.
Photo credit: John Salvino.