It’s VirtualBox upstream bugs. Documented here:
Spectre, Meltdown, VirtualBox
Nothing can be done about it from the Whonix side.
Kernel security settings are already “maxed out” through GitHub - Kicksecure/security-misc: Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc / Kernel Hardening - security-misc.
These issues are unspecific to Whonix.