diff --git a/kernel/Kconfig b/kernel/Kconfig
index a5fc86558f6..bcecfe735a0 100644
--- a/kernel/Kconfig
+++ b/kernel/Kconfig
@@ -651,6 +651,17 @@ config STACK_POINTER_RANDOM
 	  This is currently only implemented for systems whose stack pointers
 	  grow towards lower memory addresses.
 
+config BOUNDS_CHECK_BYPASS_MITIGATION
+	bool "Enable bounds check bypass mitigations for speculative execution"
+	depends on USERSPACE
+	help
+	  Untrusted parameters from user mode may be used in system calls to
+	  index arrays during speculative execution, also known as the Spectre
+	  V1 vulnerability. When enabled, various macros defined in
+	  misc/speculation.h will insert fence instructions or other appropriate
+	  mitigations after bounds checking any array index parameters passed
+	  in from untrusted sources (user mode threads). When disabled, these
+	  macros do nothing.
 endmenu
 
 config MAX_DOMAIN_PARTITIONS