I doubt CD-ROMs would be used within Whonix and the CD-ROM kernel driver has had some vulnerabilities before such as CVE-2018-11506.
How to exploit, how to make the kernel load the module?
Irrelevant in a VM without cd-rom drive?
A VM without cd-rom drive won’t have the module. Won’t need the config therefore?
and a VM with cd-rom drive should work out of the box because the drive was manually added?