This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.