Unsolicited network traffic should be a major point of concern when using any OS, period. This isn’t an issue that’s limited to Whonix users so any such traffic should be stopped upstream if possible. Lack of concern for this is why Whonix discourages using Windows or Ubuntu.
Here’s one example from this forum. If you see other OS-generated traffic, please be specific.
Not Tor. Tor’s job is to provide anonymous routing for your traffic, not to discriminate between the type of traffic that it routes.
Not Tor Browser either. Tor Browser’s job is to provide identical fingerprints to destination websites. What the OS does is beyond TBB’s scope.
These issues should only be addressed by Whonix if ignored upstream.
Seems that the vulnerability due to OS traffic would be potential tracking of hardware as it moves between locations. In most cases, this isn’t catastrophic because of the location anonymity that Tor provides. Can you be more specific about your threat model?